Redirection and ads 2014-05-06T17:26:33+00:00
  • Author
    Posts
  • Anonymous
    Post count: 0

    You're welcome ;)

    Have a good end of the week :hello:

  • lauralex
    Participant
    Post count: 26

    Thank you very much for your help

  • Anonymous
    Post count: 0

    do I need to enable them or not?

    Yep :) and then we'll be done.

    • To remove the disinfection tools that were used:
    • Download Delfix to your Desktop.
    • Run Delfix (run as administrator on Windows 7/8 and Vista)
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge system restore


  • lauralex
    Participant
    Post count: 26

    The PC seems better, no more ads. I just get a message about cookies: do I need to enable them or not?
    Thanks

  • Anonymous
    Post count: 0

    :hello:

    Uninstall Adobe Reader and install the latest version: http://get.adobe.com/fr/reader/

    How is the PC doing, any more problems?

  • lauralex
    Participant
    Post count: 26

    Here it is

    Shortcut: https://antimalware.top/www/?a=d&i=p8OunKQI6L

  • Anonymous
    Post count: 0

    :hello:

    Please host the report on SosUpload: https://antimalware.top/ and post the generated download link :)

  • lauralex
    Participant
    Post count: 26

    Sorry, it took a while to load….
    I can't post the report because the content is too large, how do I do it please?

  • Anonymous
    Post count: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    • Disable your antivirus
    • Download Shortcut_Module (by g3n-h@ckm@n) to your desktop.

      Note: Save your work before continuing!

    • Run Shortcut_Module,
    • Click Nettoyer (Clean)

      Note: Wait while the scan runs

    • After the restart, run the tool again and click the small “R” to open the report, then post its contents
  • lauralex
    Participant
    Post count: 26

    Hello,

    I think my PC is infected because when I browse the internet it redirects me to other pages, but above all there are always ads inside the pages (not ones that open elsewhere)!
    I read that scans had to be run, so I am attaching the reports:

    Adw:

    [spoiler:25irwzp7]# AdwCleaner v3.207 – Rapport créé le 06/05/2014 à 18:08:48
    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [4465 octets] ##########[/spoiler:25irwzp7]

    Malware:
    [spoiler:25irwzp7]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    (end)[/spoiler:25irwzp7]

    ZHP:
    [spoiler:25irwzp7]~ Rapport de ZHPDiag v2014.5.5.55 – Nicolas Coolman (05/05/2014)
    O4 – HKLM..Run: [SoundMAXPnP] . (.Analog Devices, Inc. – SMax4PNP.) — C:Program FilesAnalog DevicesCoresmax4pnp.exe
    O4 – HKLM..Run: [AgentMonitor] . (.Pas de propriétaire – AgentMon Application.) — C:Program FilesVTechDownloadManagerSystemAgentMonitor.exe
    O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Run: [Wondershare Helper Compact.exe] . (.Wondershare – Wondershare Studio.) — C:Program FilesCommon FilesWondershareWondershare Helper CompactWSHelper.exe
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [MsnMsgr] ~”C:Program FilesWindows LiveMessengerMsnMsgr.exe (.not file.)
    O4 – HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG – Nero Home.) — C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    O4 – HKCU..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersloralexAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKCU..Run: [orangeinside] . (.Orange – Executable Orange Inside.) — C:UsersloralexAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKCU..Run: [Orange Installer] . (…) — C:Program FilesOrangeOrange InstallerOrangeInstaller.exe
    O4 – HKCU..Run: [MailNotifier] . (.Orange – MailNotifier.) — C:Program FilesOrangeMailNotifierMailNotifier.exe
    O4 – HKCU..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [MsnMsgr] ~”C:Program FilesWindows LiveMessengerMsnMsgr.exe (.not file.)
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG – Nero Home.) — C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersloralexAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [orangeinside] . (.Orange – Executable Orange Inside.) — C:UsersloralexAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [Orange Installer] . (…) — C:Program FilesOrangeOrange InstallerOrangeInstaller.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [MailNotifier] . (.Orange – MailNotifier.) — C:Program FilesOrangeMailNotifierMailNotifier.exe
    O4 – HKUSS-1-5-21-554854158-507584152-3863558443-1000..Run: [LogitechSoftwareUpdate] . (.Logitech Inc. – Logitech Software Update.) — C:Program FilesLogitechVideoManifestEngine.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} ((no name)) – https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 – DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ((no name)) – http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
    O16 – DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) – http://www.photoweb.fr/telechargement/telechargement-photoweb-5.5.6.0.cab
    O16 – DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) – http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
    O16 – DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} ((no name)) – https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{344AD49A-E233-45A5-A2D9-B2E1284BEB91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{84ED39B9-788C-46ED-A931-8D1B2A09E1B0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{AE0304E1-DC9D-4278-923E-5D772FB0AE91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{344AD49A-E233-45A5-A2D9-B2E1284BEB91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{84ED39B9-788C-46ED-A931-8D1B2A09E1B0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{AE0304E1-DC9D-4278-923E-5D772FB0AE91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{344AD49A-E233-45A5-A2D9-B2E1284BEB91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{84ED39B9-788C-46ED-A931-8D1B2A09E1B0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{344AD49A-E233-45A5-A2D9-B2E1284BEB91}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{84ED39B9-788C-46ED-A931-8D1B2A09E1B0}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:Windowssystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l'interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.107EA08E72D280B8D5DE1A5DC2E5CBE1] [APT] [{F3F79A0D-5650-416E-BF07-135B718FA13C}] (.SoftwareNetz.) — C:Windowssnui.exe [181344]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-554854158-507584152-3863558443-1000Core [1082]
    O39 – APT: – (..) — C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-554854158-507584152-3863558443-1000UA [1104]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1052]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1056]
    ~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s

    —\ Logiciels installés (O42)
    O42 – Logiciel: soafewEb – (.SaafEwweb.) [HKLM] — {497C131E-2032-051B-B32A-C69A960FBB13} =>PUP.SafeWeb
    ~ Logic: 22 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareWSVCUPlugin]
    ~ Key Software: 287 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 20/12/2010 – 20:15:37 – [] —-D C:Program FilesDoodle Jump PC
    O43 – CFD: 02/11/2013 – 13:25:04 – [] —-D C:Program FilesEssentielb
    O43 – CFD: 18/10/2009 – 12:42:04 – [] —-D C:Program FilesPressePapier
    O43 – CFD: 19/03/2012 – 20:47:48 – [] —-D C:ProgramData3096
    O43 – CFD: 05/04/2014 – 16:28:36 – [] —-D C:ProgramDatae0e0c47e12164d55
    O43 – CFD: 05/04/2014 – 16:27:40 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 03/01/2014 – 16:13:49 – [] -SH-D C:ProgramData{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
    O43 – CFD: 29/06/2013 – 17:16:39 – [0] —-D C:ProgramData䇘8㺈80
    O43 – CFD: 29/06/2013 – 12:02:58 – [0] —-D C:ProgramData䇘¿㺈¿0
    O43 – CFD: 26/03/2013 – 19:37:36 – [0] —-D C:ProgramData䇘Í㺈Í0
    O43 – CFD: 07/07/2013 – 16:41:50 – [0] —-D C:ProgramData䇘ý㺈ý0
    O43 – CFD: 29/06/2013 – 12:35:48 – [0] —-D C:ProgramData䇘ƨ㺈ƨ0
    O43 – CFD: 07/07/2013 – 14:34:33 – [0] —-D C:ProgramData䇘ƴ㺈ƴ0
    O43 – CFD: 28/06/2013 – 18:47:12 – [0] —-D C:ProgramData䇘ǂ㺈ǂ0
    O43 – CFD: 25/03/2013 – 19:11:20 – [0] —-D C:ProgramData䇘DŽ㺈DŽ0
    O43 – CFD: 27/06/2013 – 18:10:27 – [0] —-D C:ProgramData䇘LJ㺈LJ0
    O43 – CFD: 03/07/2013 – 15:26:17 – [0] —-D C:ProgramData䇘ǎ㺈ǎ0
    O43 – CFD: 26/03/2013 – 22:12:24 – [0] —-D C:ProgramData䇘Ǧ㺈Ǧ0
    O43 – CFD: 26/06/2013 – 21:11:50 – [0] —-D C:ProgramData䇘Ǩ㺈Ǩ0
    O43 – CFD: 30/03/2013 – 12:06:07 – [0] —-D C:ProgramData䇘ǭ㺈ǭ0
    O43 – CFD: 03/07/2013 – 15:49:30 – [0] —-D C:ProgramData䇘Ƕ㺈Ƕ0
    O43 – CFD: 06/07/2013 – 08:43:44 – [0] —-D C:ProgramData䇘ǿ㺈ǿ0
    O43 – CFD: 29/03/2013 – 20:43:26 – [0] —-D C:ProgramData䇘ȋ㺈ȋ0
    O43 – CFD: 30/06/2013 – 15:18:39 – [0] —-D C:ProgramData䇘ȓ㺈ȓ0
    O43 – CFD: 26/06/2013 – 18:19:16 – [0] —-D C:ProgramData䈰$㺘$
    O43 – CFD: 12/01/2014 – 17:28:31 – [] —-D C:UsersloralexAppDataRoamingShareaza
    O43 – CFD: 05/03/2014 – 13:38:47 – [0] —-D C:UsersloralexAppDataRoaming{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    O43 – CFD: 06/08/2008 – 13:07:28 – [] —-D C:UsersloralexAppDataLocalShareaza
    O43 – CFD: 20/12/2010 – 20:15:11 – [] —-D C:UsersloralexAppDataRoamingMicrosoftWindowsStart MenuProgramsDoodle Jump PC
    O43 – CFD: 02/11/2013 – 13:25:05 – [] —-D C:UsersloralexAppDataRoamingMicrosoftWindowsStart MenuProgramsEssentielb
    ~ Program Folder: 248 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] – 23/04/2014 – 09:04:39 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24184]
    O44 – LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] – 25/04/2014 – 19:20:40 —A- . (.SQLite Development Team – SQLite Dynamic Link Library (No TCL).) — C:WindowsSystem32sqlite3.dll [536576]
    ~ Files: 27 Legitimates Filtered in 00mn 35s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 06/05/2014 – 19:13:34 —A- . (…) — C:UsersloralexDesktopadwcleaner (1).exe [1316991]
    ~ 325 Fichiers temporaires (Temporary files)
    ~ 1898 Fichiers cookies (Cookies files)
    ~ Files: 5 Legitimates Filtered in 00mn 30s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 23/04/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 82 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    O67 – Shell Spawning: < .com> <>[HKU..openCommand] (.Not Key.)
    O67 – Shell Spawning: < .exe> <>[HKU..openCommand] (.Not Key.)
    ~ FASS Keys: 13 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program FilesSafariSafari.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {4B8E3E6C-6CD6-4E03-9399-3AE5F072A589} – (Yahoo! Search) – http://search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} – (Orange) – http://r.orange.fr
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][06/05/2014] (…) — C:UsersloralexDesktopadwcleaner (1).exe [1316991]
    [MD5.E2DAB3F3FB34846A56381846EC8E5323] [SPRF][22/03/2013] (.Acresso Software Inc. – InstallScript Setup Launcher.) — C:UsersloralexDesktopdwgsee.exe [22073232]
    [MD5.DC38B1B71CB7FF8F4241333B9EC84F03] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfbmp13n.dll [57344]
    [MD5.6CBA9ECE3186ADEAE144A79E3AC769FE] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfcmp13n.dll [401408]
    [MD5.BDD316D6479220B8FA2A911262898640] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfeps13n.dll [65536]
    [MD5.8B83DC9053B8164731B15AF455CBD9A9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslffax13n.dll [98304]
    [MD5.A63B94BB949D5E836F144A0A754E5451] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfgif13n.dll [69632]
    [MD5.1E1FDE2FF4B0197EF8A36259244CF142] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfpcd13n.dll [49152]
    [MD5.9D9CA493D0864DF83D282E2393FE5825] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfpcx13n.dll [53248]
    [MD5.AD6D6FAC370748775FB9FB33A398BFF9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfpng13n.dll [159744]
    [MD5.4A3A0CE4ED63580116A7354E06B42CDF] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslfpsd13n.dll [55808]
    [MD5.BBBE68D622945FF8BC9CE847975B2389] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslftga13n.dll [53248]
    [MD5.333F810C00745C05EDF17D6580A4601E] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Fileslftif13n.dll [155648]
    [MD5.9788C72C2EC7011E6CC40CFDD5CE2251] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltclr13n.dll [1693696]
    [MD5.55D16BEB62D0B6C54CE315F7063FA7A1] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltdis13n.dll [299008]
    [MD5.F56BA445D7D36EB4DDBFE4477BAD594D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltefx13n.dll [206336]
    [MD5.BF1727ED495670881E18E346D162CA3D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltfil13n.dll [163840]
    [MD5.209B65395E75CD957E14B8EC3C742A7B] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltimg13n.dll [450560]
    [MD5.CEFC7E62D25BDC3A4501062718D0A65F] [SPRF][20/11/2006] (.LEAD Technologies, Inc. – LEADTOOLS(r) DLL for Win32.) — C:WindowsDownloaded Program Filesltkrn13n.dll [462848]
    [MD5.EF490EFE4C627C125D7034A5878FF7C1] [SPRF][13/08/2007] (.Computer Associates – pest cleaning module.) — C:WindowsDownloaded Program FilesPPClean.exe [476160]
    [MD5.54D6DC8C06E8533792EA900956CD8BD5] [SPRF][13/08/2007] (.CA – eTrust PestPatrol version 5 SDK.) — C:WindowsDownloaded Program Filesppctl.dll [800272]
    [MD5.803B43D713AC2C8CF556583E238DDE6F] [SPRF][13/08/2007] (…) — C:WindowsDownloaded Program Filesppsrindex.dat [30763]
    ~ Files: 35 Legitimates Filtered in 00mn 01s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “059103D1F2AE2884A90A9464776548A2” . (.SweetIM for Messenger 3.3.) — C:WindowsInstaller{1D301950-EA2F-4882-9AA0-49467756842A}ARPPRODUCTICON.exe =>PUP.SweetIM
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 27/07/2009 133104 | (gupdate1ca0eb4c144bc90) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 27/07/2009 133104 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 29/04/2009 182768 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
    SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 23/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Disabled 10/07/1658 0 | (avast! Firewall) . (…) – C:Program FilesAlwil SoftwareAvast5afwServ.exe
    SR – | Demand 19/01/2008 21504 | C:Program FilesHPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/01/2008 21504 | C:Program FilesHPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 19/01/2008 21504 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Demand 23/12/2006 262144 | (NMIndexingService) . (.Nero AG.) – C:Program FilesCommon FilesAheadLibNMIndexingService.exe
    SR – | Auto 19/01/2008 21504 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 14s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by loralex at 06/05/2014 19:14:42
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS
    ~ MBR: 8 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by loralex at 06/05/2014 19:14:44
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (05/05/2014)
    Clés trouvées (Keys found) : 2
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{497C131E-2032-051B-B32A-C69A960FBB13}] =>PUP.SafeWeb^
    [HKLMSoftwareClassesCLSID{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
    C:ProgramDataInstallMate =>PUP.Tarma^
    ~ Additionnel Scan: 348948 Items scanned in 00mn 47s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.byethost7.com/wordpress/pup-tarma =>PUP.Tarma
    http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ MSI: 2 link(s) detected in 00mn 00s

    ~ 941 Legitimates filtered by white list
    End of the scan (522 lines in 04mn 57s)(0)[/spoiler:25irwzp7]

    Thank you for your help,
    Laura

The topic ‘Redirection et pub’ is closed to new replies.