Infected PC 2013-11-19T20:44:54+00:00
  • ducgordon
    Participant
    Post count: 37

    Good evening, I think my PC is infected by Somoto, because Comodo found a file with that name.
    My PC can no longer go online for games.

    ZHP report
    ~ Rapport de ZHPDiag v2013.11.19.41 – Nicolas Coolman (19/11/2013)
    ~ Lancé par HP (19/11/2013 21:26:11)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16428
    MFIE: Mozilla Firefox 25.0.1 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    COMODO Internet Security Premium v6.2.20728.2847
    Malwarebytes Anti-Malware version 1.75.0.1300
    Panda Cloud Cleaner v1.0.68
    Spybot – Search & Destroy v1.6.2
    ZoneAlarm Free Firewall v10.2.068.000
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v4.07 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 21

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4095 MB (55% free)
    System Restore: Activé (Enable)
    System drive C: has 600 GB (87%) free of 685 GB

    —\ Mode de connexion au système
    ~ Computer Name: HP-HP
    ~ User Name: HP
    ~ All Users Names: UpdatusUser, HP, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\HP\AppData\Roaming\ZHP
    ~ %AppData% : C:\Users\HP\AppData\Roaming
    ~ %Desktop% : C:\Users\HP\Desktop
    ~ %Favorites% : C:\Users\HP\Favorites
    ~ %LocalAppData% : C:\Users\HP\AppData\Local
    ~ %StartMenu% : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu
    ~ %Windir% : C:\Windows
    ~ %System% : C:\Windows\System32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 600 Go of 685 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.E6CB36B85BE59095337427E853A5B65A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/11/2013 – 21:20:40.) — C:WindowsSystem32wininet.dll [2332160]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/342
    ~ Mes musiques (My Musics) : 5/20
    ~ Mes Favoris (My Favorites) : 1/26
    ~ Mes Documents (My Documents) : 1/42255
    ~ Mon Bureau (My Desktop) : 1/337
    ~ Menu demarrer (Programs) : 1/39
    ~ Hidden Files: Scanned in 00mn 18s

    —\ Processus lancés
    [MD5.095184B28B8414A6D2D09C1CE7C7B86F] – (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe [1530520] [PID.1928]
    [MD5.66295B0D0FB2292C6D62904F5C3DE0B2] – (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe [561320] [PID.1944]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2152]
    [MD5.554A50B5310E702029D3A675459108FF] – (.Hewlett-Packard – hpsysdrv.) — C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe [62768] [PID.2884]
    [MD5.63A648C5FEB5DE641E1174ACB6CF78C6] – (.Pas de propriétaire – SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe [568888] [PID.3964]
    [MD5.1B7406B1EEF9924D589A7007C3733877] – (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe [2598496] [PID.4020]
    [MD5.5516C26A6AF8EB4E2CAB48EC98A74398] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software Updatehpwuschd2.exe [54576] [PID.2840]
    [MD5.231DA9B27C7ED740617FD494558A1124] – (.AdTrustMedia – PrivDog Service.) — C:Program Files (x86)AdTrustMediaPrivDog1.7.0.12trustedadssvc.exe [515240] [PID.3896]
    [MD5.CC02FE4520CA886508069245D9A6962F] – (.Microsoft Corporation – Internet Low-Mic Utility Tool.) — C:Program Files (x86)Internet ExplorerIELowutil.exe [222720] [PID.3768]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.5520]
    [MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.5856]
    [MD5.CEED3CE0035F55A08EEEC34B5804723C] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.5892]
    [MD5.5B201C6E792E3CBAA7AE8CAA680BA28F] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8259072] [PID.2896]
    [MD5.47D1F0444CE33A0CA42409A88896CD8D] – (.Hewlett-Packard – HP Advisor.) — C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe [1590840] [PID.4084]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1876]
    [MD5.DC94357F990759316423D021AEEAAF45] – (…) — C:Program Files (x86)ComodoDragondragon_updater.exe [2098880] [PID.1032]
    [MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:WindowsSysWOW64ezSharedSvcHost.exe [514232] [PID.1184]
    [MD5.7550D101BF49FDB1F92666A233EE36C4] – (.Hewlett-Packard Company – LightScribe Service.) — c:Program Files (x86)Common FilesLightScribeLSSrvc.exe [73728] [PID.1680]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.1040]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.1980]
    [MD5.BDF850D185B2344C7811B79E49050188] – (.PDF Complete Inc – Dispatcher.) — C:Program Files (x86)PDF Completepdfsvc.exe [635416] [PID.2184]
    [MD5.205E1B699FD3F2F9B036EEA2EC30C620] – (…) — C:WindowsSysWOW64PnkBstrA.exe [76888] [PID.2240]
    [MD5.B94C3C4DCA2093243C76CA218EDE2A97] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [209768] [PID.2488]
    [MD5.0765EE4A7A0D6609BF91CA2E4700E885] – (.TomTom – Windows Service for TomTom HOME.) — C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [93072] [PID.2564]
    [MD5.BFDB58616FF5EA540A5F58301D50641E] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [483688] [PID.2668]
    [MD5.794D4B48DFB6E999537C7C3947863463] – (.Safer Networking Ltd. – Spybot-S&D Security Center integration.) — C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe [1153368] [PID.2900]
    [MD5.C523F582AB537293844596CE66D76125] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [821664] [PID.3192]
    [MD5.7502513F433BE410D9D4A7D0E69D9F74] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [1258856] [PID.740]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersHPAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://r.orange.fr
    ~ Google Browser: 3 Legitimates Filtered in 00mn 04s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultprefs.js
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultuser.js
    M2 – MFEP: prefs.js [HP – y1b3lk0d.defaultcrossriderapp4479@crossrider.com] [] Giant Savings v (..) =>Adware.VidSaver
    M2 – MFEP: prefs.js [HP – y1b3lk0d.default{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e}] [] QuickShare Widget v1.0.16.0 (..) =>PUP.QuickShare
    ~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 05s
    ~ Nombre de lignes (Lines number): 15263

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: flashget urlcatch [64Bits] – {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} . (.www.flashget.com – Flashget CatchUrl Module.) — C:Program Files (x86)FlashGetjccatch.dll
    O2 – BHO: FlashGet GetFlash Class [64Bits] – {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com – Flashget GetFlash Module.) — C:Program Files (x86)FlashGetgetflash.dll
    ~ BHO: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Espace Partagé.lnk . (…) — C:ProgramDataShared Space
    O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
    O4 – GSDesktop [Public]: Internet ADSL.lnk – Clé orpheline
    O4 – GSDesktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program Files (x86)EasyBits For KidsezSecShield.exe =>.EasyBits Software AS
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSDesktop [Public]: Orange Portail.lnk . (…) — C:Program FilesOrangeOrange Portail.exe
    O4 – GSDesktop [Public]: Panda Cloud Cleaner.lnk . (…) — C:Program Files (x86)Panda SecurityPanda Cloud CleanerPCloudCleaner.exe
    O4 – GSDesktop [Public]: Play HP Games.lnk . (…) — C:Program Files (x86)HP Gamesonplayonplay.exe
    O4 – GSDesktop [Public]: Rainlendar2.lnk . (…) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    O4 – GSDesktop [Public]: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk . (…) — C:Program Files (x86)Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapterWLANUTL.exe
    O4 – GSProgram [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program Files (x86)EasyBits For KidsezSecShield.exe =>.EasyBits Software AS
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [UpdatusUser]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSDesktop [UpdatusUser]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSQuickLaunch [HP]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [HP]: Video Converter.lnk . (…) — C:Program Files (x86)VideoConverterVideoConverter.exe
    O4 – GSQuickLaunch [HP]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSTaskBar [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [HP]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [HP]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [HP]: Aller sur MSN.fr.lnk – Clé orpheline
    O4 – GSDesktop [HP]: Continue vGrabber Installation.lnk . (…) — C:UsersHPAppDataLocalTempICReinstall_setup.exe (.not file.) =>PUP.vGrabber
    O4 – GSDesktop [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [HP]: Video Converter.lnk . (…) — C:Program Files (x86)VideoConverterVideoConverter.exe
    O4 – GSDesktop [HP]: VirtualDJ Home FREE.lnk . (.Atomix Productions – VirtualDJ.) — C:Program Files (x86)VirtualDJvirtualdj_home.exe
    O4 – GSDesktop [HP]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    ~ Global Startup: 91 Legitimates Filtered in 00mn 08s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: DSLMON.lnk . (…) — C:Program Files (x86)SAGEMSAGEM F@st 800-840dslmon.exe
    O4 – HKLM..Run: [hpsysdrv] . (.Hewlett-Packard – hpsysdrv.) — c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [SmartMenu] . (.Pas de propriétaire – SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
    O4 – HKLM..Run: [COMODO Internet Security] . (.COMODO – COMODO Internet Security.) — C:Program FilesCOMODOCOMODO Internet Securitycistray.exe
    O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
    O4 – HKCU..Run: [HPAdvisorDock] . (.Pas de propriétaire – HP Advisor Dock.) — C:Program Files (x86)Hewlett-PackardHP AdvisorDOCKHPAdvisorDock.exe
    O4 – HKCU..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
    O4 – HKCU..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [Rainlendar2] . (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [adiras] . (.Pas de propriétaire – ADI RAS setup Application.) — C:Windowsadirasx64.exe
    O4 – HKLM..Wow6432NodeRun: [tuto4pc_fr_33] Clé orpheline =>PUP.Eorezo
    O4 – HKLM..Wow6432NodeRun: [PrivDogService] . (.AdTrustMedia – PrivDog Service.) — C:Program Files (x86)AdTrustMediaPrivDog1.7.0.12trustedadssvc.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [HPAdvisorDock] . (.Pas de propriétaire – HP Advisor Dock.) — C:Program Files (x86)Hewlett-PackardHP AdvisorDOCKHPAdvisorDock.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Rainlendar2] . (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: PrivDog [64Bits] – {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia – PrivDog Extension.) — C:Program FilesAdTrustMediaPrivDog1.7.0.12trustedads.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCCSServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCCSServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS1ServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS1ServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS2ServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS2ServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{66E9A659-6846-4DA8-8C24-6E6AACDFE048}] (…) — G:pilote_sagemfast800pilote_sagemfast800setup.exe (.not file.) [0]
    [MD5.519EF0E74D05E0D8FAE420728C0A3FDB] [APT] [{DBDB4E34-4405-4C6C-BB1D-387F154848DA}] (…) — C:UsersHPDownloadsflashget196en.exe [4653240]
    ~ Scheduled Task: 24 Legitimates Filtered in 00mn 05s

    —\ Logiciels installés (O42)
    O42 – Logiciel: PC Registry Shield – (.ShieldApps.) [HKLM][64Bits] — PC Registry Shield_is1 =>Rogue.PCRegistryShield
    O42 – Logiciel: PrivDog – (.privdog.com.) [HKLM][64Bits] — PrivDog
    ~ Logic: 155 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 22/06/2013 – 16:23:39 – [15,218] —-D C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield
    O43 – CFD: 27/07/2012 – 17:58:48 – [0,004] —-D C:ProgramData3037C
    O43 – CFD: 22/05/2013 – 19:48:42 – [1,063] —-D C:UsersHPAppDataRoamingA1Q1B1P1T1C1R1M1P1B
    ~ 270 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 462 Legitimates Filtered in 00mn 58s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 12/11/2013 – 21:20:40 —A- . (…) — C:WindowsSysNativeieuinit.inf [16284]
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 12/11/2013 – 21:20:40 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.F53C9021A60BD01E48CCD3F26639A1FC] – 19/11/2013 – 21:23:00 —A- . (…) — C:WindowsSystem32Driverssfi.dat [1474832]
    ~ Files: 174 Legitimates Filtered in 00mn 35s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.1532F6985F5DD36047D45DE6DE06BE7B] – 18/11/2013 – 22:18:07 —A- – C:WindowsPrefetchADIRASX64.EXE-39B976B0.pf
    O45 – LFCP:[MD5.ECCC934C435C65EBA77D7F5DD39BF582] – 18/11/2013 – 22:18:08 —A- – C:WindowsPrefetchTRUSTEDADSSVC.EXE-4590E66F.pf
    O45 – LFCP:[MD5.4162CBA4D8C68DEE08F047766DC1BB26] – 19/11/2013 – 15:11:58 —A- – C:WindowsPrefetchNOTIFICATIONMAIL_3.3.0_NOTIFI-06EDCB1D.pf
    O45 – LFCP:[MD5.0EE49517673D3DD934EFE71277B304E1] – 19/11/2013 – 15:11:58 —A- – C:WindowsPrefetchOULAUNCHAPP.EXE-255C3C55.pf
    O45 – LFCP:[MD5.F0FA8359C16D375E774BAFC0DFB2538E] – 19/11/2013 – 21:24:12 —A- – C:WindowsPrefetchTSKILL.EXE-833F016E.pf
    O45 – LFCP:[MD5.FFBB7DA8DA1AFB37EBDA35C384828978] – 19/11/2013 – 21:24:12 —A- – C:WindowsPrefetchUNINSTALLMAILNOTIFIERTMP.EXE-2E4CCCCE.pf
    ~ Prefetcher: 139 Legitimates Filtered in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{36931c35-939c-11e2-8b61-d485640e25ee}AutoRuncommand. (…) — F:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregFlashget [Key] . (.FlashGet.com – FlashGet.) — C:Program Files (x86)FlashGetFlashGet.exe
    ~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.8DBFD1ED1EC1EE6C3977532912B18C21] – 10/01/2007 – 15:56:32 —A- . (.Analog Deivces – USB Firmware loader.) — C:WindowsSystem32Driversadildr.sys [56088]
    O58 – SDL:[MD5.9A3A8614859FB77767B63A82A017CCC6] – 07/02/2007 – 15:50:14 —A- . (.Analog Deivces – USB Firmware loader.) — C:WindowsSysWOW64driversadildr.sys [56088]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 16/11/2013 – 21:29:26 —A- . (…) — C:UsersHPAppDataLocalMozillaupdatesE7CF176E110C211Bactive-update.xml [57]
    O61 – LFC: 16/11/2013 – 21:29:26 —A- . (…) — C:UsersHPAppDataLocalMozillaupdatesE7CF176E110C211Bupdates.xml [14817]
    O61 – LFC: 18/11/2013 – 21:29:26 —A- . (…) — C:UsersHPAppDataLocalGoogleChromeUser DataLocal State [46176]
    O61 – LFC: 18/11/2013 – 21:29:43 —A- . (…) — C:UsersHPDocumentscc_20131118_210520.reg [37258]
    O61 – LFC: 18/11/2013 – 21:29:44 —A- . (…) — C:UsersHPDocumentsstartup.txt [5140]
    O61 – LFC: 19/11/2013 – 21:29:36 —A- . (…) — C:UsersHPAppDataRoamingZHPLog.txt [89644] =>.Nicolas Coolman
    O61 – LFC: 19/11/2013 – 21:29:36 —A- . (…) — C:UsersHPAppDataRoamingZHPTestsZHPDiag.txt [2783] =>.Nicolas Coolman
    O61 – LFC: 19/11/2013 – 21:29:36 —A- . (…) — C:UsersHPAppDataRoamingZHPZHPDiag.txt [38004] =>.Nicolas Coolman
    O61 – LFC: 19/11/2013 – 21:34:52 —A- . (…) — C:UsersHPDownloadsadwcleaner(1).exe [1085542]
    ~ 2 Fichiers temporaires (Temporary files)
    ~ Files: 342 Legitimates Filtered in 06mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Comodo – Comodo Dragon.) — C:Program Files (x86)ComodoDragondragon.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.DockingPositionDown”, false);
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarDisabled”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.Visibility”, false);
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] – (Orange) – http://r.orange.fr
    O69 – SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} – (Yahoo! Search) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (…) — C:UsersHPAppDataLocalTempQuarantine.exe [350377]
    ~ Files: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.D2F34AF196CCAF29A124324392FC3DFF] [WIS][27/01/2013] (.Valve Corporation – Steam.) — C:WindowsInstaller192858f.msi [8532992]
    [MD5.D12E504B9C195A84A264A79388B55A88] [WIS][13/05/2013] (.Linkury Inc. – QuickShare Widget.) — C:WindowsInstallerd70d30.msi [8495104] =>PUP.QuickShare
    ~ WIS: 101 Legitimates Filtered in 00mn 26s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 17/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 20/10/2013 6254152 | (cmdAgent) . (.COMODO.) – C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe
    SS – | Demand 24/09/2013 164056 | (cmdvirth) . (.COMODO.) – C:Program FilesCOMODOCOMODO Internet Securitycmdvirth.exe
    SR – | Auto 11/11/2013 2098880 | (DragonUpdater) . (…) – C:Program Files (x86)ComodoDragondragon_updater.exe
    SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:WindowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
    SS – | Demand 04/04/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SS – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 14/07/2009 27136 | C:UsersHPAppDataLocalTemp7zS44D0hpslpsvc64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – c:Program Files (x86)Common FilesLightScribeLSSrvc.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) – C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe
    SR – | Auto 18/08/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 28/09/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SS – | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) – C:Program Files (x86)OrangeOrangeUpdateServiceOUCore.exe
    SR – | Auto 14/10/2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) – C:Program Files (x86)PDF Completepdfsvc.exe
    SR – | Auto 10/07/1658 0 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SR – | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) – C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 21/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) – C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 29s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by HP at 19/11/2013 21:39:00
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by HP at 19/11/2013 21:39:02

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (19/11/2013)
    Clés trouvées (Keys found) : 9
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 4
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAssociations]:bak_Application =>Hijacker.Agent
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKCUSoftwareClassesMF] =>PUP.MediaFinder
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:tuto4pc_fr_33 =>PUP.Eorezo^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensionscrossriderapp4479@crossrider.com =>Adware.VidSaver^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensions{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e} =>PUP.QuickShare^
    C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield^
    C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Registry Shield =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application^
    C:WindowsInstallerd70d30.msi =>PUP.QuickShare^
    ~ Additionnel Scan: 318506 Items scanned in 00mn 29s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
    ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
    ~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
    ~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ MSI: 7 link(s) detected in 00mn 29s

    ~ 2050 Legitimates filtered by white list
    End of the scan (522 lines in 13mn 20s)(0)

  • ducgordon
    Participant
    Post count: 37

    ADW report
    # AdwCleaner v3.012 – Rapport créé le 19/11/2013 à 21:21:00
    # Mis à jour le 11/11/2013 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : HP – HP-HP
    # Exécuté depuis : C:UsersHPDownloadsadwcleaner(1).exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Fichier Supprimé : C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultuser.js

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREClassesApplicationsiMesh_V11_en_Setup.exe
    Clé Supprimée : HKLMSOFTWAREClassesApplicationsiMeshV11.exe
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingau__rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingHPSF_Tasks_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingHPSF_Tasks_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingiMesh_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingiMesh_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingiMesh_V11_en_Setup_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingiMesh_V11_en_Setup_RASMANCS
    Clé Supprimée : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
    Clé Supprimée : HKLMSoftwareUniblue
    Clé Supprimée : HKLMSoftwareVittalia
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{A047FE02-C91C-41CB-898C-4ED21B86025A}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{AF860F85-54A3-4A28-879B-BF9E6E325776}

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16428

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Page_URL]

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultprefs.js ]

    Ligne Supprimée : user_pref(“extensions.helperbar.DockingPositionDown”, false);
    Ligne Supprimée : user_pref(“extensions.helperbar.SmartbarDisabled”, false);
    Ligne Supprimée : user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false);
    Ligne Supprimée : user_pref(“extensions.helperbar.Visibility”, false);

    -\ Google Chrome v

    [ Fichier : C:UsersHPAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [26689 octets] – [07/09/2013 15:23:50]
    AdwCleaner[R1].txt – [1926 octets] – [07/09/2013 15:58:37]
    AdwCleaner[R2].txt – [1375 octets] – [07/09/2013 16:01:48]
    AdwCleaner[R3].txt – [1495 octets] – [07/09/2013 16:04:55]
    AdwCleaner[R4].txt – [1615 octets] – [07/09/2013 16:08:03]
    AdwCleaner[R5].txt – [1735 octets] – [07/09/2013 18:47:06]
    AdwCleaner[R6].txt – [1855 octets] – [07/09/2013 18:49:45]
    AdwCleaner[R7].txt – [3890 octets] – [19/11/2013 21:19:02]
    AdwCleaner[S0].txt – [24785 octets] – [07/09/2013 15:24:29]
    AdwCleaner[S1].txt – [2000 octets] – [07/09/2013 15:59:10]
    AdwCleaner[S2].txt – [1438 octets] – [07/09/2013 16:02:16]
    AdwCleaner[S3].txt – [1558 octets] – [07/09/2013 16:05:24]
    AdwCleaner[S4].txt – [1678 octets] – [07/09/2013 16:08:33]
    AdwCleaner[S5].txt – [1798 octets] – [07/09/2013 18:47:47]
    AdwCleaner[S6].txt – [3812 octets] – [19/11/2013 21:21:00]

    ########## EOF – C:AdwCleanerAdwCleaner[S6].txt – [3872 octets] ##########

  • ducgordon
    Participant
    Post count: 37

    Malwarebytes report

    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.19.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    HP :: HP-HP [administrateur]

    19/11/2013 21:08:16
    mbam-log-2013-11-19 (21-08-16).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 229720
    Temps écoulé: 7 minute(s), 7 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 1
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations|bak_Application (Hijacker.Application) -> Données: http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Mis en quarantaine et supprimé avec succès.

    Elément(s) de données du Registre détecté(s): 1
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Mis en quarantaine et réparé avec succès

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:WindowsInstallerd70d30.msi (PUP.Optional.SmartBar.A) -> Aucune action effectuée.

    (fin)

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening ducgordon, and welcome to SoSVirus

    1/
    Delete the ZHPDiag.txt report file from your desktop
    Empty your recycle bin

    2/
    Download RogueKiller by Tigzy to the desktop

    /! Take the version that matches the machine
    x86 for a 32-bit machine ===> https://www.sosvirus.net/telecharger/roguekiller-tigzy/
    x64 for a 64-bit machine ===> https://www.sosvirus.net/telecharger/roguekiller-64/

    How to tell whether my PC is 32-bit or 64-bit =>
    Windows + Pause keys
    In the window that opens =>
    OS type + 32-bit or 64-bit operating system

    … (From a USB key and another PC if the rogue blocks access to the net, or in safe mode with networking) …

    Close all running programs
    Launch RogueKiller.exe by clicking its icon

    A pre-scan will run quickly
    When it is finished, click the Scan button

    Click the Suppression (Delete) button

    Click the Rapport (Report) button when the cleaning is finished

    Send a copy of the RKreport[1].txt report that will be displayed
    It will be saved on the desktop

    /! If the desktop icons do not display correctly, and only in that case, click the Racc. RAZ (shortcut reset) button

    Note =>
    It is possible to make a donation to the tool's creator through the PayPal – Donate button

    Come back in your reply with the two RogueKiller reports (Scan & Suppression)

    ;)

  • ducgordon
    Participant
    Post count: 37

    Thanks for your help, here it is
    RogueKiller V8.7.8 _x64_ [Nov 14 2013] par Tigzy
    mail : tigzyRKgmailcom
    Remontees : http://www.adlice.com/forum/
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/

    Systeme d’exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode normal
    Utilisateur : HP [Droits d’admin]
    Mode : Suppression — Date : 11/20/2013 20:56:21
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 1 ¤¤¤
    [SUSP PATH] adirasx64.exe — C:Windowsadirasx64.exe [-] -> TUÉ [TermProc]

    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM[…]Wow6432Node[…]Run : adiras (C:Windowsadirasx64.exe [-]) -> SUPPRIMÉ
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

    ¤¤¤ Tâches planifiées : 0 ¤¤¤

    ¤¤¤ Entrées Startup : 0 ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

    ¤¤¤ Ruches Externes: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    –> %SystemRoot%System32driversetchosts


    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: (\.PHYSICALDRIVE0 @ IDE) ST3750528AS ATA Device +++++
    — User —
    [MBR] a711d096cf16156ac07b9e15fc6d536b
    [BSP] 5bfdf54f1d5f7a1615f5618a396b8061 : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206911 | Size: 701733 Mo
    2 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1437356032 | Size: 13569 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    Termine : <>
    RKreport[0]_S_11202013_205600.txt

    and another one

    RogueKiller V8.7.8 _x64_ [Nov 14 2013] par Tigzy
    mail : tigzyRKgmailcom
    Remontees : http://www.adlice.com/forum/
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/

    Systeme d’exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode normal
    Utilisateur : HP [Droits d’admin]
    Mode : Recherche — Date : 11/20/2013 20:56:00
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 1 ¤¤¤
    [SUSP PATH] adirasx64.exe — C:Windowsadirasx64.exe [-] -> TUÉ [TermProc]

    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM[…]Wow6432Node[…]Run : adiras (C:Windowsadirasx64.exe [-]) -> TROUVÉ
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
    [HJ DESK][PUM] HKLM[…]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

    ¤¤¤ Tâches planifiées : 0 ¤¤¤

    ¤¤¤ Entrées Startup : 0 ¤¤¤

    ¤¤¤ Navigateurs web : 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

    ¤¤¤ Ruches Externes: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    –> %SystemRoot%System32driversetchosts


    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: (\.PHYSICALDRIVE0 @ IDE) ST3750528AS ATA Device +++++
    — User —
    [MBR] a711d096cf16156ac07b9e15fc6d536b
    [BSP] 5bfdf54f1d5f7a1615f5618a396b8061 : Windows Vista/7/8 MBR Code
    Partition table:
    0 – [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206911 | Size: 701733 Mo
    2 – [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1437356032 | Size: 13569 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    Termine : <>

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    Well done with RogueKiller :bravo1:

    Delete the ZHPDiag.txt report file from your desktop
    Empty your recycle bin

    Run ZHPDiag again and host its new report, please

    See you tomorrow ;)

  • ducgordon
    Participant
    Post count: 37

    And here it is
    I don't see what I did well, but anyway, there you go…

    ~ Rapport de ZHPDiag v2013.11.20.42 – Nicolas Coolman (20/11/2013)
    ~ Lancé par HP (21/11/2013 21:02:17)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16428
    MFIE: Mozilla Firefox 25.0.1 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 3Q6C9
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    COMODO Internet Security Premium v6.2.20728.2847
    Malwarebytes Anti-Malware version 1.75.0.1300
    Panda Cloud Cleaner v1.0.68
    Spybot – Search & Destroy v1.6.2
    ZoneAlarm Free Firewall v10.2.068.000
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v4.07 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 21

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4095 MB (70% free)
    System Restore: Activé (Enable)
    System drive C: has 600 GB (87%) free of 685 GB

    —\ Mode de connexion au système
    ~ Computer Name: HP-HP
    ~ User Name: HP
    ~ All Users Names: UpdatusUser, HP, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersHPAppDataRoamingZHP
    ~ %AppData% : C:UsersHPAppDataRoaming
    ~ %Desktop% : C:UsersHPDesktop
    ~ %Favorites% : C:UsersHPFavorites
    ~ %LocalAppData% : C:UsersHPAppDataLocal
    ~ %StartMenu% : C:UsersHPAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 600 Go of 685 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.E6CB36B85BE59095337427E853A5B65A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/11/2013 – 21:20:40.) — C:WindowsSystem32wininet.dll [2332160]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/342
    ~ Mes musiques (My Musics) : 5/20
    ~ Mes Favoris (My Favorites) : 1/26
    ~ Mes Documents (My Documents) : 1/42255
    ~ Mon Bureau (My Desktop) : 1/347
    ~ Menu demarrer (Programs) : 1/39
    ~ Hidden Files: Scanned in 00mn 12s

    —\ Processus lancés
    [MD5.095184B28B8414A6D2D09C1CE7C7B86F] – (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe [1530520] [PID.1952]
    [MD5.66295B0D0FB2292C6D62904F5C3DE0B2] – (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe [561320] [PID.1972]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2148]
    [MD5.554A50B5310E702029D3A675459108FF] – (.Hewlett-Packard – hpsysdrv.) — C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe [62768] [PID.3808]
    [MD5.63A648C5FEB5DE641E1174ACB6CF78C6] – (.Pas de propriétaire – SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe [568888] [PID.4104]
    [MD5.1B7406B1EEF9924D589A7007C3733877] – (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe [2598496] [PID.4216]
    [MD5.5516C26A6AF8EB4E2CAB48EC98A74398] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software Updatehpwuschd2.exe [54576] [PID.4424]
    [MD5.231DA9B27C7ED740617FD494558A1124] – (.AdTrustMedia – PrivDog Service.) — C:Program Files (x86)AdTrustMediaPrivDog1.7.0.12trustedadssvc.exe [515240] [PID.4440]
    [MD5.47D1F0444CE33A0CA42409A88896CD8D] – (.Hewlett-Packard – HP Advisor.) — C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe [1590840] [PID.3228]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [275568] [PID.5224]
    [MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [18544] [PID.5040]
    [MD5.CEED3CE0035F55A08EEEC34B5804723C] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.2276]
    [MD5.4A5946CF3E24DBFAAB97346A29B9A81A] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8260096] [PID.2120]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1896]
    [MD5.DC94357F990759316423D021AEEAAF45] – (…) — C:Program Files (x86)ComodoDragondragon_updater.exe [2098880] [PID.1140]
    [MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:WindowsSysWOW64ezSharedSvcHost.exe [514232] [PID.1216]
    [MD5.7550D101BF49FDB1F92666A233EE36C4] – (.Hewlett-Packard Company – LightScribe Service.) — c:Program Files (x86)Common FilesLightScribeLSSrvc.exe [73728] [PID.1824]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.1868]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.1828]
    [MD5.BDF850D185B2344C7811B79E49050188] – (.PDF Complete Inc – Dispatcher.) — C:Program Files (x86)PDF Completepdfsvc.exe [635416] [PID.2184]
    [MD5.205E1B699FD3F2F9B036EEA2EC30C620] – (…) — C:WindowsSysWOW64PnkBstrA.exe [76888] [PID.2256]
    [MD5.B94C3C4DCA2093243C76CA218EDE2A97] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [209768] [PID.2496]
    [MD5.0765EE4A7A0D6609BF91CA2E4700E885] – (.TomTom – Windows Service for TomTom HOME.) — C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [93072] [PID.2576]
    [MD5.BFDB58616FF5EA540A5F58301D50641E] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [483688] [PID.2716]
    [MD5.794D4B48DFB6E999537C7C3947863463] – (.Safer Networking Ltd. – Spybot-S&D Security Center integration.) — C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe [1153368] [PID.2844]
    [MD5.C523F582AB537293844596CE66D76125] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [821664] [PID.3196]
    [MD5.7502513F433BE410D9D4A7D0E69D9F74] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe [1258856] [PID.4132]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersHPAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://r.orange.fr
    ~ Google Browser: 3 Legitimates Filtered in 00mn 04s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultprefs.js
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultuser.js
    M2 – MFEP: prefs.js [HP – y1b3lk0d.defaultcrossriderapp4479@crossrider.com] [] Giant Savings v (..) =>Adware.VidSaver
    M2 – MFEP: prefs.js [HP – y1b3lk0d.default{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e}] [] QuickShare Widget v1.0.16.0 (..) =>PUP.QuickShare
    ~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride =
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 04s
    ~ Nombre de lignes (Lines number): 15263

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: flashget urlcatch [64Bits] – {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} . (.www.flashget.com – Flashget CatchUrl Module.) — C:Program Files (x86)FlashGetjccatch.dll
    O2 – BHO: FlashGet GetFlash Class [64Bits] – {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com – Flashget GetFlash Module.) — C:Program Files (x86)FlashGetgetflash.dll
    ~ BHO: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Espace Partagé.lnk . (…) — C:ProgramDataShared Space
    O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
    O4 – GSDesktop [Public]: Internet ADSL.lnk – Clé orpheline
    O4 – GSDesktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program Files (x86)EasyBits For KidsezSecShield.exe =>.EasyBits Software AS
    O4 – GSDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSDesktop [Public]: Orange Portail.lnk . (…) — C:Program FilesOrangeOrange Portail.exe
    O4 – GSDesktop [Public]: Panda Cloud Cleaner.lnk . (…) — C:Program Files (x86)Panda SecurityPanda Cloud CleanerPCloudCleaner.exe
    O4 – GSDesktop [Public]: Play HP Games.lnk . (…) — C:Program Files (x86)HP Gamesonplayonplay.exe
    O4 – GSDesktop [Public]: Rainlendar2.lnk . (…) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    O4 – GSDesktop [Public]: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk . (…) — C:Program Files (x86)Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapterWLANUTL.exe
    O4 – GSProgram [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program Files (x86)EasyBits For KidsezSecShield.exe =>.EasyBits Software AS
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [UpdatusUser]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSDesktop [UpdatusUser]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSQuickLaunch [HP]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSQuickLaunch [HP]: Video Converter.lnk . (…) — C:Program Files (x86)VideoConverterVideoConverter.exe
    O4 – GSQuickLaunch [HP]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    O4 – GSTaskBar [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSTaskBar [HP]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O4 – GSProgram [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSSystemTools [HP]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [HP]: Aller sur MSN.fr.lnk – Clé orpheline
    O4 – GSDesktop [HP]: Continue vGrabber Installation.lnk . (…) — C:UsersHPAppDataLocalTempICReinstall_setup.exe (.not file.) =>PUP.vGrabber
    O4 – GSDesktop [HP]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    O4 – GSDesktop [HP]: Video Converter.lnk . (…) — C:Program Files (x86)VideoConverterVideoConverter.exe
    O4 – GSDesktop [HP]: VirtualDJ Home FREE.lnk . (.Atomix Productions – VirtualDJ.) — C:Program Files (x86)VirtualDJvirtualdj_home.exe
    O4 – GSDesktop [HP]: ZNsoft Xp.lnk . (.ZNsoft Corporation – Optimisation complète de windows NT, et de.) — C:Program Files (x86)ZNsoft CorporationZNsoft Optimizer XpZNsoft Xp.exe
    ~ Global Startup: 91 Legitimates Filtered in 00mn 06s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: DSLMON.lnk . (…) — C:Program Files (x86)SAGEMSAGEM F@st 800-840dslmon.exe
    O4 – HKLM..Run: [hpsysdrv] . (.Hewlett-Packard – hpsysdrv.) — c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [SmartMenu] . (.Pas de propriétaire – SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
    O4 – HKLM..Run: [COMODO Internet Security] . (.COMODO – COMODO Internet Security.) — C:Program FilesCOMODOCOMODO Internet Securitycistray.exe
    O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
    O4 – HKCU..Run: [HPAdvisorDock] . (.Pas de propriétaire – HP Advisor Dock.) — C:Program Files (x86)Hewlett-PackardHP AdvisorDOCKHPAdvisorDock.exe
    O4 – HKCU..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
    O4 – HKCU..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [Rainlendar2] . (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Wow6432NodeRun: [tuto4pc_fr_33] Clé orpheline =>PUP.Eorezo
    O4 – HKLM..Wow6432NodeRun: [PrivDogService] . (.AdTrustMedia – PrivDog Service.) — C:Program Files (x86)AdTrustMediaPrivDog1.7.0.12trustedadssvc.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [HPAdvisorDock] . (.Pas de propriétaire – HP Advisor Dock.) — C:Program Files (x86)Hewlett-PackardHP AdvisorDOCKHPAdvisorDock.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersHPAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4071537335-2470887961-3613248203-1000..Run: [Rainlendar2] . (.Pas de propriétaire – Rainlendar2.) — C:Program Files (x86)Rainlendar2Rainlendar2.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
    O9 – Extra button: PrivDog [64Bits] – {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia – PrivDog Extension.) — C:Program FilesAdTrustMediaPrivDog1.7.0.12trustedads.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCCSServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCCSServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS1ServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS1ServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{072C61BA-F3B4-4864-89AC-386DB4C83CFF}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS2ServicesTcpip..{0CE764F3-5A8F-4C0D-9F24-EBE74D17731A}: NameServer = 156.154.70.25,156.154.71.25
    O17 – HKLMSystemCS2ServicesTcpip..{BCF5E217-9B06-4918-B133-1BEA19E8D233}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{66E9A659-6846-4DA8-8C24-6E6AACDFE048}] (…) — G:pilote_sagemfast800pilote_sagemfast800setup.exe (.not file.) [0]
    [MD5.519EF0E74D05E0D8FAE420728C0A3FDB] [APT] [{DBDB4E34-4405-4C6C-BB1D-387F154848DA}] (…) — C:UsersHPDownloadsflashget196en.exe [4653240]
    ~ Scheduled Task: 24 Legitimates Filtered in 00mn 04s

    —\ Logiciels installés (O42)
    O42 – Logiciel: PC Registry Shield – (.ShieldApps.) [HKLM][64Bits] — PC Registry Shield_is1 =>Rogue.PCRegistryShield
    O42 – Logiciel: PrivDog – (.privdog.com.) [HKLM][64Bits] — PrivDog
    ~ Logic: 155 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 22/06/2013 – 16:23:39 – [15,218] —-D C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield
    O43 – CFD: 27/07/2012 – 17:58:48 – [0,004] —-D C:ProgramData3037C
    O43 – CFD: 22/05/2013 – 19:48:42 – [1,063] —-D C:UsersHPAppDataRoamingA1Q1B1P1T1C1R1M1P1B
    ~ 270 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 462 Legitimates Filtered in 00mn 49s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 12/11/2013 – 21:20:40 —A- . (…) — C:WindowsSysNativeieuinit.inf [16284]
    O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 12/11/2013 – 21:20:40 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
    O44 – LFC:[MD5.A711D096CF16156AC07B9E15FC6D536B] – 20/11/2013 – 21:11:38 —A- . (…) — C:PhysicalMBR.bin [512]
    O44 – LFC:[MD5.9C14105E805544F4179AB8E7CD7EC5B1] – 21/11/2013 – 20:58:15 —A- . (…) — C:WindowsSystem32Driverssfi.dat [1474832]
    ~ Files: 176 Legitimates Filtered in 00mn 35s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.4162CBA4D8C68DEE08F047766DC1BB26] – 19/11/2013 – 15:11:58 —A- – C:WindowsPrefetchNOTIFICATIONMAIL_3.3.0_NOTIFI-06EDCB1D.pf
    O45 – LFCP:[MD5.0EE49517673D3DD934EFE71277B304E1] – 19/11/2013 – 15:11:58 —A- – C:WindowsPrefetchOULAUNCHAPP.EXE-255C3C55.pf
    O45 – LFCP:[MD5.6DC563B211CB9F4773AB383FED420A86] – 20/11/2013 – 20:44:12 —A- – C:WindowsPrefetchADIRASX64.EXE-39B976B0.pf
    O45 – LFCP:[MD5.7A149E93E26AEE072509AB28AE1DA7E5] – 20/11/2013 – 20:44:14 —A- – C:WindowsPrefetchTRUSTEDADSSVC.EXE-4590E66F.pf
    O45 – LFCP:[MD5.17CD750C7390EF35177700797AF555BC] – 21/11/2013 – 14:41:13 —A- – C:WindowsPrefetchUNINSTALLMAILNOTIFIERTMP.EXE-2E4CCCCE.pf
    O45 – LFCP:[MD5.212582F06900E9BD07911E7C5BC20A68] – 21/11/2013 – 14:41:15 —A- – C:WindowsPrefetchTSKILL.EXE-833F016E.pf
    ~ Prefetcher: 140 Legitimates Filtered in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{36931c35-939c-11e2-8b61-d485640e25ee}AutoRuncommand. (…) — F:LaunchU3.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregFlashget [Key] . (.FlashGet.com – FlashGet.) — C:Program Files (x86)FlashGetFlashGet.exe
    ~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.8DBFD1ED1EC1EE6C3977532912B18C21] – 10/01/2007 – 15:56:32 —A- . (.Analog Deivces – USB Firmware loader.) — C:WindowsSystem32Driversadildr.sys [56088]
    O58 – SDL:[MD5.9A3A8614859FB77767B63A82A017CCC6] – 07/02/2007 – 15:50:14 —A- . (.Analog Deivces – USB Firmware loader.) — C:WindowsSysWOW64driversadildr.sys [56088]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 18/11/2013 – 21:05:10 —A- . (…) — C:UsersHPAppDataLocalGoogleChromeUser DataLocal State [46176]
    O61 – LFC: 18/11/2013 – 21:05:27 —A- . (…) — C:UsersHPDocumentscc_20131118_210520.reg [37258]
    O61 – LFC: 18/11/2013 – 21:05:29 —A- . (…) — C:UsersHPDocumentsstartup.txt [5140]
    O61 – LFC: 19/11/2013 – 21:05:20 —A- . (…) — C:UsersHPAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
    O61 – LFC: 19/11/2013 – 21:05:20 —A- . (…) — C:UsersHPAppDataRoamingZHPZHPDiag.txt [39555] =>.Nicolas Coolman
    O61 – LFC: 19/11/2013 – 21:10:38 —A- . (…) — C:UsersHPDownloadsadwcleaner(1).exe [1085542]
    O61 – LFC: 20/11/2013 – 21:10:46 —A- . (…) — C:UsersHPDownloadsRogueKillerX64.exe [4161024]
    O61 – LFC: 21/11/2013 – 21:05:20 —A- . (…) — C:UsersHPAppDataRoamingZHPLog.txt [113741] =>.Nicolas Coolman
    O61 – LFC: 21/11/2013 – 21:05:20 —A- . (…) — C:UsersHPAppDataRoamingZHPTestsZHPDiag.txt [2783] =>.Nicolas Coolman
    ~ 3 Fichiers temporaires (Temporary files)
    ~ Files: 47 Legitimates Filtered in 05mn 54s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    O63 – Logiciel: OTL – (.OldTimer.)
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Comodo – Comodo Dragon.) — C:Program Files (x86)ComodoDragondragon.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.DockingPositionDown”, false);
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarDisabled”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.Visibility”, false);
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] – (Orange) – http://r.orange.fr
    O69 – SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} – (Yahoo! Search) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (…) — C:UsersHPAppDataLocalTempQuarantine.exe [350377]
    ~ Files: 3 Legitimates Filtered in 00mn 01s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.D2F34AF196CCAF29A124324392FC3DFF] [WIS][27/01/2013] (.Valve Corporation – Steam.) — C:WindowsInstaller192858f.msi [8532992]
    [MD5.D12E504B9C195A84A264A79388B55A88] [WIS][13/05/2013] (.Linkury Inc. – QuickShare Widget.) — C:WindowsInstallerd70d30.msi [8495104] =>PUP.QuickShare
    ~ WIS: 101 Legitimates Filtered in 00mn 25s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SS – | Demand 17/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 20/10/2013 6254152 | (cmdAgent) . (.COMODO.) – C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe
    SS – | Demand 24/09/2013 164056 | (cmdvirth) . (.COMODO.) – C:Program FilesCOMODOCOMODO Internet Securitycmdvirth.exe
    SR – | Auto 11/11/2013 2098880 | (DragonUpdater) . (…) – C:Program Files (x86)ComodoDragondragon_updater.exe
    SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:WindowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
    SS – | Demand 04/04/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe
    SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
    SS – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
    SR – | Auto 14/07/2009 27136 | C:UsersHPAppDataLocalTemp7zS44D0hpslpsvc64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – c:Program Files (x86)Common FilesLightScribeLSSrvc.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 16/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) – C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe
    SR – | Auto 18/08/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 28/09/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SS – | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) – C:Program Files (x86)OrangeOrangeUpdateServiceOUCore.exe
    SR – | Auto 14/10/2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) – C:Program Files (x86)PDF Completepdfsvc.exe
    SR – | Auto 10/07/1658 0 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SR – | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) – C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 21/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) – C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 30s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by HP at 21/11/2013 21:14:54
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by HP at 21/11/2013 21:14:56

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (20/11/2013)
    Clés trouvées (Keys found) : 9
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 4
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAssociations]:bak_Application =>Hijacker.Agent
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKCUSoftwareClassesMF] =>PUP.MediaFinder
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:tuto4pc_fr_33 =>PUP.Eorezo^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensionscrossriderapp4479@crossrider.com =>Adware.VidSaver^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensions{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e} =>PUP.QuickShare^
    C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield^
    C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Registry Shield =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application^
    C:WindowsInstallerd70d30.msi =>PUP.QuickShare^
    ~ Additionnel Scan: 318648 Items scanned in 00mn 32s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
    ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
    ~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
    ~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ MSI: 7 link(s) detected in 00mn 32s

    ~ 1759 Legitimates filtered by white list
    End of the scan (522 lines in 13mn 11s)(0)

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    /!\ SpyBot S&D is no longer used (obsolete, no longer effective)

    1/

    Apply this fix =>

    Open Notepad
    Select the script and copy it into Notepad

    Script ZHPFix
    ShortcutFix
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application
    [MD5.794D4B48DFB6E999537C7C3947863463] – (.Safer Networking Ltd. – Spybot-S&D Security Center integration.) — C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe [1153368] [PID.2844]
    M2 – MFEP: prefs.js [HP – y1b3lk0d.defaultcrossriderapp4479@crossrider.com] [] Giant Savings v (..) =>Adware.VidSaver
    M2 – MFEP: prefs.js [HP – y1b3lk0d.default{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e}] [] QuickShare Widget v1.0.16.0 (..) =>PUP.QuickShare
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline => CheckPoint ZAForceField
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} Clé orpheline => Toolbar.ZoneAlarm
    O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline => Toolbar.Norton
    O4 – GSDesktop [Public]: Internet ADSL.lnk – Clé orpheline => Orphean Key not necessary
    O4 – GSDesktop [HP]: Aller sur MSN.fr.lnk – Clé orpheline => Orphean Key not necessary
    O4 – GSDesktop [HP]: Continue vGrabber Installation.lnk . (…) — C:UsersHPAppDataLocalTempICReinstall_setup.exe (.not file.) =>PUP.vGrabber
    O4 – HKLM..Wow6432NodeRun: [tuto4pc_fr_33] Clé orpheline =>PUP.Eorezo
    [MD5.00000000000000000000000000000000] [APT] [{66E9A659-6846-4DA8-8C24-6E6AACDFE048}] (…) — G:pilote_sagemfast800pilote_sagemfast800setup.exe (.not file.) [0] => Fichier absent
    O42 – Logiciel: PC Registry Shield – (.ShieldApps.) [HKLM][64Bits] — PC Registry Shield_is1 =>Rogue.PCRegistryShield
    O43 – CFD: 22/06/2013 – 16:23:39 – [15,218] —-D C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.DockingPositionDown”, false); => Hijacker.SmartBar*
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarDisabled”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false); =>Hijacker.SmartBar
    O69 – SBI: prefs.js [HP – y1b3lk0d.default] user_pref(“extensions.helperbar.Visibility”, false); => Hijacker.SmartBar*
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – => Toolbar.Bing
    [MD5.D12E504B9C195A84A264A79388B55A88] [WIS][13/05/2013] (.Linkury Inc. – QuickShare Widget.) — C:WindowsInstallerd70d30.msi [8495104] =>PUP.QuickShare
    SR – | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) – C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe => Safer Networking Ltd – Spybot S&D
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAssociations]:bak_Application =>Hijacker.Agent
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKCUSoftwareClassesMF] =>PUP.MediaFinder
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallPC Registry Shield_is1] =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:tuto4pc_fr_33 =>PUP.Eorezo^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensionscrossriderapp4479@crossrider.com =>Adware.VidSaver^
    C:UsersHPAppDataRoamingMozillaFirefoxProfilesy1b3lk0d.defaultextensions{d9d84756-ae9a-4ad7-9a0e-6d914bb7580e} =>PUP.QuickShare^
    C:Program Files (x86)PC Registry Shield =>Rogue.PCRegistryShield^
    C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Registry Shield =>Rogue.PCRegistryShield
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application^
    C:WindowsInstallerd70d30.msi =>PUP.QuickShare^
    EmptyCLSID
    Emptytemp
    EmptyFlash

    Double-click the “ZHPFix” program shortcut on your desktop

    In the program window that opens, click “Importer” to paste the ZHPFix script

    If the script is not valid
    A warning is displayed
    The script must have Script ZHPFix as its first line

    If the script is valid
    The text copied earlier should now appear automatically in the ZHPFix window

    Check that the script in ZHPFix matches the lines above
    Click the “GO” button to start the cleanup
    Confirm the cleanup by clicking “OUI” in the next two windows


    This processing can take up to several minutes before the script lines are actually cleaned
    The cleanup runs; do not touch anything during this step. If the program asks to restart the PC, do so
    Afterwards a ZHPFix.txt report is displayed in the report area of the interface and in Windows Notepad
    The report is also saved on the Windows Desktop and in the folder: CUsernomxxxAppDataRoamingZHPZHPFix.txt

    Post the contents of this report by copy/paste in your reply on the forum

    Close ZHPFix and Notepad using the red cross at the top right of both windows

    2/
    Updates to install =>
    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin => Adobe Systems // Check that it is at 11.9.900.152
    Adobe Reader XI => Adobe Systems // Check that it is at 11.0.05
    Java 7 Update 21 => Oracle // at 7u45

    Links => http://forum.pcastuces.com/maj_logiciels_de_securite-f25s25842.htm

    When everything is done, come back with the ZHPFix report

    ;)

  • ducgordon
    Participant
    Post count: 37

    ZHPFix.txt
    Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013
    Fichier d’export Registre :
    Run by HP at 22/11/2013 19:40:53
    High Elevated Privileges : OK
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

    Corbeille vidée (00mn 10s)
    Réparation des raccourcis navigateur

    ========== Logiciels ==========
    SUPPRIMÉ: PC Registry Shield

    ========== Processus mémoire ==========
    SUPPRIMÉ: Memory Process: C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe

    ========== Clés du Registre ==========
    SUPPRIMÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SUPPRIMÉ: Service: SBSDWSCService
    SUPPRIMÉ: HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}
    SUPPRIMÉ: HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32
    SUPPRIMÉ: HKCUSoftwareClassesMF
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856
    SUPPRIMÉ:* HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494

    ========== Valeurs du Registre ==========
    SUPPRIMÉ: Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
    SUPPRIMÉ: Toolbar: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
    SUPPRIMÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    SUPPRIMÉ RunValue: tuto4pc_fr_33
    SUPPRIMÉ [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAssociations]:bak_Application

    ========== Eléments de donnée du Registre ==========
    SUPPRIMÉ Explorer Association Data Application: http://www.helpmeopen.com/?n=app&ext=%s
    SUPPRIMÉ Explorer Association Data Application: http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ========== Préférences navigateur ==========
    SUPPRIMÉ Mozilla Pref: user_pref(“extensions.helperbar.DockingPositionDown”, false);
    SUPPRIMÉ Mozilla Pref: user_pref(“extensions.helperbar.SmartbarDisabled”, false);
    SUPPRIMÉ Mozilla Pref: user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false);
    SUPPRIMÉ Mozilla Pref: user_pref(“extensions.helperbar.Visibility”, false);

    ========== Dossiers ==========
    SUPPRIMÉS Temporaires Windows (16)
    SUPPRIMÉS Flash Cookies (0)

    ========== Fichiers ==========
    SUPPRIMÉ:* c:program files (x86)spybot – search & destroysdwinsec.exe
    SUPPRIMÉ: c:usershpdesktopcontinue vgrabber installation.lnk
    SUPPRIMÉ: C:WindowsInstallerd70d30.msi
    SUPPRIMÉS Temporaires Windows (22) (6 025 971 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Tache planifiée ==========
    SUPPRIMÉ: {66E9A659-6846-4DA8-8C24-6E6AACDFE048}

    ========== Récapitulatif ==========
    1 : Processus mémoire
    8 : Clés du Registre
    5 : Valeurs du Registre
    2 : Eléments de donnée du Registre
    280 : Dossiers
    5 : Fichiers
    1 : Logiciels
    4 : Préférences navigateur
    1 : Tache planifiée

    End of clean in 03mn 33s

    ========== Chemin de fichier rapport ==========
    C:UsersHPAppDataRoamingZHPZHPFix[R1].txt – 22/11/2013 19:41:03 [24195]

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello again

    Where are you with your original “Somoto” problem?

    See you tomorrow, to finish up if everything is OK with your machine

    :dodo10: ;)

  • ducgordon
    Participant
    Post count: 37

    For example, I still cannot connect to multiplayer belote on Facebook.

    That is one of the visible faults

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello Ducgordon

    … I still cannot connect to multiplayer belote on Facebook …

    This is no longer related to your infections!
    Besides, games on FB are hit-or-miss in terms of working :(

    You say => “cannot connect to the …… on Facebook”
    That can be many different things =>
    – FB servers overloaded/down
    – No authorization from your firewall // Check that you have only one active firewall

    :hein:

The topic ‘pc infecté’ is closed to new replies.