Reply to: USB key files turned into shortcuts 2016-09-08T13:15:41+00:00
vincent
Post count: 0

Here is the report:

~ Rapport de ZHPDiag v2013.11.9.20 – Nicolas Coolman (09/11/2013)
~ Lancé par Vincent (09/11/2013 20:36:22)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : CGKHQ
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.2 – Français

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4076 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 355 GB (78%) free of 453 GB

—\ Mode de connexion au système
~ Computer Name: VINCENT-VAIO
~ User Name: Vincent
~ All Users Names: Vincent, tounet, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersVincentAppDataRoamingZHP
~ %AppData% : C:UsersVincentAppDataRoaming
~ %Desktop% : C:UsersVincentDesktop
~ %Favorites% : C:UsersVincentFavorites
~ %LocalAppData% : C:UsersVincentAppDataLocal
~ %StartMenu% : C:UsersVincentAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 355 Go of 453 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3903
~ Mes musiques (My Musics) : 51/483
~ Mes Videos (My Videos) : 2/25
~ Mes Favoris (My Favorites) : 1/63
~ Mes Documents (My Documents) : 1/879
~ Mon Bureau (My Desktop) : 9/3502
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 05s

—\ Processus lancés
[MD5.7373E5ACAFDBEBCDB7864C3C4574F257] – (.Sony Corporation – VAIO Care.) — C:Program FilesSonyVAIO CareVCSpt.exe [55152] [PID.3052]
[MD5.AC32E0F47BB9083BB4164171A4C562A2] – (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe [600928] [PID.2140]
[MD5.6912D02CC912B980C8C12F9CDADB8763] – (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper.) — C:Program Files (x86)EvernoteEvernoteEvernoteClipper.exe [956416] [PID.1452]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] – (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [249064] [PID.6124]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] – (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe [275768] [PID.4728]
[MD5.21293443961A4E2597453EE7A9347F22] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe [54840] [PID.4284]
[MD5.A3A82800FF19B26B94D2327A2F11067E] – (.Adobe Systems Inc. – AcroTray.) — C:Program Files (x86)AdobeAcrobat 10.0Acrobatacrotray.exe [821144] [PID.5680]
[MD5.736E57247F12EACECDB224B8D1F7F187] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3568312] [PID.2948]
[MD5.043FE3C9088BEADC6A9FFC033C84F20F] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe [227712] [PID.2248]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ysWOW64RunDll32.exe [0] [PID.4532]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] – (.Hewlett-Packard Co. – HP CUE Status Root.) — C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe [168960] [PID.588]
[MD5.CCC250711E6B5F998DC1B7393233A755] – (.Broadcom Corporation. – Bluetooth Headset Skype Proxy.) — C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe [13600] [PID.3004]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] – (.Hewlett-Packard Co. – HP CUE Alert Popup Window Objects.) — C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe [559104] [PID.1572]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] – (.Hewlett-Packard – GPCore COM object.) — C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe [362496] [PID.1576]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [844752] [PID.6276]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8192512] [PID.2664]
[MD5.7A189530FD0CFD415DBE41123F8A6A59] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1368]
[MD5.34400005DE52842C4D6D4EE978B4D7CE] – (.Adobe Systems Incorporated – Adobe Photoshop Elements 8.0 (component).) — C:Program Files (x86)AdobeElements Organizer 8.0PhotoshopElementsFileAgent.exe [169312] [PID.1760]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [55144] [PID.2108]
[MD5.80E85394D8CD7F84340B1C6F4B9D698F] – (.Sony Corporation – Device Information Provider.) — C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe [367456] [PID.2544]
[MD5.A6A7AD767BF5141665F5C675F671B3E1] – (.Protexis Inc. – PsiService PsiService.) — C:Program Files (x86)Common FilesProtexisLicense ServicePsiService_2.exe [185632] [PID.2608]
[MD5.39B1D0A636A400304565D4521FAD6D77] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [207528] [PID.2996]
[MD5.65CC4779A29C3E82B987BD4961790DFF] – (.Sony Corporation – VAIO Media plus Digital Media Server.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe [423280] [PID.3056]
[MD5.F47D75CEE1844EEF4A9EA6EE768828FB] – (.Sony Corporation – VAIO Media plus Device Searcher.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe [67952] [PID.2116]
[MD5.63F6D08C54D5B3C1B12A6172032055C7] – (.ArcSoft, Inc. – MgiSvr.) — C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe [104960] [PID.2532]
[MD5.A60605FC66552B421EE1F3D4EBB9A4E0] – (.Sony Corporation – VAIO Event Service (Service Module).) — C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe [217968] [PID.2636]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] – (.Microsoft Corporation – COM Surrogate.) — C:WindowsSysWOW64DllHost.exe [7168] [PID.2644]
[MD5.7BEBF6A5285FFC03C34A7297A4E177CB] – (.Sony Corporation – VCM Intelligent Analyzing Manager.) — C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe [537456] [PID.3124]
[MD5.1D702FFC1B8CDCF76FBCA7740CE510D8] – (.Sony Corporation – VAIO Event Service (Service Sub Module).) — C:Program Files (x86)SonyVAIO Event ServiceVESMgrSub.exe [120176] [PID.3160]
[MD5.E005B04DFCA99F5880C5111933194CA9] – (.Sony Corporation – VCM Intelligent Network Service Manager.) — C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe [384880] [PID.3272]
[MD5.77C5A741A7452812F278EF2C18478862] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [523944] [PID.3376]
[MD5.C3E69DB0A4E59564230E053232F39AC7] – (.Sony Corporation – VAIO Media plus Content Importer.) — C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe [108400] [PID.3572]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.exe [822504] [PID.4264]
[MD5.96EFA2698D6B9E2931609A3EA73FC5DC] – (.Sony Corporation – VAIO Content Folder Watcher.) — C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe [851824] [PID.5336]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13336] [PID.6140]
[MD5.213822072085B5BBAD9AF30AB577D817] – (.InterVideo – RegMgr Module.) — C:Program Files (x86)Common FilesInterVideoRegMgriviRegMgr.exe [112152] [PID.2436]
~ Processes Running: Scanned in 00mn 02s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersVincentAppDataLocalGoogleChromeUser DataDefaultPreferences
~ Google Browser: 13 Legitimates Filtered in 00mn 10s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = ;*.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. – Shop for HP Supplies.) — C:Program Files (x86)HPHPSSUPPLYhpqSSupply.exe
O4 – GSDesktop [Public]: Cardiac Auscultation.lnk . (.Adobe Systems, Inc. – Adobe Projector.) — C:Program Files (x86)LittmannCardiac AuscultationCardiac Auscultation.exe
O4 – GSProgram [Public]: iGoogle.lnk . (…) — C:Program Files (x86)SonyMFUiGoogle.exe (.not file.)
O4 – GSTaskBar [Vincent]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSDesktop [Vincent]: Downloads.lnk . (…) — C:UsersVincentDownloads
O4 – GSDesktop [Vincent]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [Vincent]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
~ Global Startup: 78 Legitimates Filtered in 00mn 03s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: Bluetooth.lnk . (…) — C:Program Files (x86)WIDCOMMBluetooth SoftwareBTTray.exe (.not file.)
O4 – GSStartup [Public]: Evernote Clipper.lnk . (…) — C:WindowsInstaller{F761359C-9CED-45AE-9A51-9D6605CD55C4}Evernote.ico
O4 – GSStartup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe =>.Hewlett-Packard Co
O4 – GSStartup [Vincent]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe =>.Microsoft Corporation
O4 – HKLM..Wow6432NodeRun: [PMBVolumeWatcher] . (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPMBPMBVolumeWatcher.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeAcrobat 10.0AcrobatAcrobat_sl.exe
O4 – HKLM..Wow6432NodeRun: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. – AcroTray.) — C:Program Files (x86)AdobeAcrobat 10.0AcrobatAcrotray.exe
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-18..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~2Office14ONBttnIE.dll (.not file.)
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~2Office14ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{1B5E2928-3CE9-4218-B31A-B947B4325E55}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{20F9D14D-FD94-489D-9687-9EEC88FF269A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{1B5E2928-3CE9-4218-B31A-B947B4325E55}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{20F9D14D-FD94-489D-9687-9EEC88FF269A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{1B5E2928-3CE9-4218-B31A-B947B4325E55}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{20F9D14D-FD94-489D-9687-9EEC88FF269A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: Cardiac Auscultation 1.0 – (.medical concepts Bonn.) [HKLM][64Bits] — Cardiac Auscultation
O42 – Logiciel: Yahoo! Toolbar – (…) [HKLM][64Bits] — Yahoo! Companion
~ Logic: 143 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKLMSoftwareWow6432NodeACT]
~ Key Software: 182 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 27/09/2013 – 20:05:34 – [585,519] —-D C:Program Files (x86)Littmann
~ Program Folder: 174 Legitimates Filtered in 00mn 38s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.53892C29324485B61E6275DACEA8D145] – 09/11/2013 – 11:35:09 —A- . (…) — C:Windowswininit.ini [90]
O44 – LFC:[MD5.74884C2D7D29A50B5E8D6EF97E93CE76] – 09/11/2013 – 18:39:50 . (…) — C:UsbFix [Clean 2] VINCENT-VAIO.txt [12071]
O44 – LFC:[MD5.FB22FFD007DF5BCD08D759867CF7A123] – 09/11/2013 – 19:10:00 —A- . (…) — C:UsbFix [Clean 3] VINCENT-VAIO.txt [18428]
O44 – LFC:[MD5.64EA6DA3151EDF80D3F211A44D6225CB] – 30/10/2013 – 15:24:34 —A- . (…) — C:Windowswin.ini [545]
~ Files: 38 Legitimates Filtered in 00mn 03s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.9D77A808C5ECD283551851E50375557C] – 09/11/2013 – 19:42:54 —A- – C:WindowsPrefetchINSTUP.EXE-DCA24DB4.pf
O45 – LFCP:[MD5.856EEC9B4F4DB2AC700033E3AEBC5EA5] – 09/11/2013 – 19:43:22 —A- – C:WindowsPrefetchVCMMGRNOTIFICATION64.EXE-1E7174BF.pf
O45 – LFCP:[MD5.9902F2D98DE1E81E723DAEED30812A0D] – 09/11/2013 – 20:25:11 —A- – C:WindowsPrefetchVCSYSTRAY.EXE-6744AB5E.pf
O45 – LFCP:[MD5.87F7CDBBC970449F0A7CA6B9F3C6E8D7] – 09/11/2013 – 20:30:11 —A- – C:WindowsPrefetchVPMLM.EXE-0A0DD004.pf
~ Prefetcher: 123 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 09/11/2013 – 18:38:38 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 09/11/2013 – 20:38:02 —A- . (…) — C:UsersVincentAppDataLocalGoogleChromeUser DataLocal State [56618]
O61 – LFC: 09/11/2013 – 20:38:13 —A- . (…) — C:UsersVincentAppDataLocalZHPFixReport.txt [583] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 20:38:42 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesDocument ThemesOuvrir le bloc-notes.onetoc2 [4936] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:42 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesDocument ThemesTheme ColorsOuvrir le bloc-notes.onetoc2 [3656] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:42 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesDocument ThemesTheme EffectsOuvrir le bloc-notes.onetoc2 [3656] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:42 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesDocument ThemesTheme FontsOuvrir le bloc-notes.onetoc2 [3656] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:43 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesOuvrir le bloc-notes.onetoc2 [4960] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:43 —A- . (…) — C:UsersVincentAppDataRoamingMicrosoftTemplatesSmartArt GraphicsOuvrir le bloc-notes.onetoc2 [3656] =>.Microsoft Corporation
O61 – LFC: 09/11/2013 – 20:38:46 —A- . (…) — C:UsersVincentAppDataRoamingZHPLog.txt [21762] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 20:38:46 —A- . (…) — C:UsersVincentAppDataRoamingZHPTestsZHPDiag.txt [2921] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 20:38:46 —A- . (…) — C:UsersVincentAppDataRoamingZHPZHPFix[R1].txt [583] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 20:38:46 —A- . (…) — C:UsersVincentDownloadsadwcleaner.exe [1073262]
O61 – LFC: 09/11/2013 – 20:38:52 —A- . (.Marie-Christine Alessi.) — C:UsersVincentDownloadsPhysiologie_de_l_Hemostase (2).ppt [4788736]
O61 – LFC: 09/11/2013 – 20:38:53 —A- . (.Marie-Christine Alessi.) — C:UsersVincentDownloadsPhysiologie_de_l_Hemostase (3).ppt [4788736]
O61 – LFC: 09/11/2013 – 20:38:53 —A- . (.Marie-Christine Alessi.) — C:UsersVincentDownloadsPhysiologie_de_l_Hemostase (4).ppt [4788736]
O61 – LFC: 09/11/2013 – 20:38:54 —A- . (.aziza k.) — C:UsersVincentDownloadsSUJET CORRECTION HISTO 3 EMBRYO 1 .doc [73216]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 340 Legitimates Filtered in 01mn 08s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
~ Legacy: 130 Legitimates Filtered in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {30B59420-BDE4-4DE4-B8EB-404131A7E165} – (Zinio) – http://services.zinio.com
O69 – SBI: SearchScopes [HKCU] {3A17F58E-C20B-4406-AAE5-DE5521B8AD09} – (Shopping.com) – http://fr.shopping.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6C8CA959-A3EA-4001-B09E-C58404C5A006} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} – (Orange) – http://r.orange.fr
O69 – SBI: SearchScopes [HKCU] {9290D8AB-A8A2-4D5F-8E37-28581C4D3B7D} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
O69 – SBI: SearchScopes [HKCU] {B9C9515B-3909-4D6F-BCB4-A7EC2E5315E5} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKUS.DEFAULT] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} – (BasicServe) – http://www.basicserve.com =>Adware.BasicScan
O69 – SBI: SearchScopes [HKUSS-1-5-18] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} – (BasicServe) – http://www.basicserve.com =>Adware.BasicScan
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.34C97E06F9EABCD890F845F93DFECEBC] [SPRF][13/08/2011] (…) — C:ProgramDataezsidmv.dat [56]
[MD5.F0EF201A8A7A7311E03281F39B320A99] [SPRF][22/08/2013] (…) — C:ProgramDataKGyGaAvL.sys [952]
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (…) — C:UsersVincentAppDataLocalTempQuarantine.exe [350259]
~ Files: 4 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{2EF82C96-3B0E-4C71-B29E-2B91EB81E2C8}” |In – Public – P6 – TRUE | .(…) — C:ProgramDataeSafeeGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 227 Legitimates Filtered in 00mn 01s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:WindowsInstaller1d8a281.msi [459264]
[MD5.F5C07345246EC3F11E069B174509F0D0] [WIS][14/08/2010] (.Google Inc. – Google Toolbar for Internet Explorer.) — C:WindowsInstaller3182d.msi [28160] =>Toolbar.Google
~ WIS: 126 Legitimates Filtered in 00mn 51s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
SR – | Auto 09/10/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) – C:Program Files (x86)AdobeElements Organizer 8.0PhotoshopElementsFileAgent.exe
SS – | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SR – | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 09/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Auto 08/06/2010 952096 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
SR – | Auto 05/03/2010 1425168 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
SS – | Demand 14/08/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
SS – | Auto 14/08/2010 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 14/08/2010 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 20/08/2012 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SR – | Demand 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital ImagingbinHPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
SS – | Demand 08/12/2011 934760 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 04/01/2007 112152 | (IviRegMgr) . (.InterVideo.) – C:Program Files (x86)Common FilesInterVideoRegMgriviRegMgr.exe
SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) – C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe
SR – | Auto 19/07/2010 159336 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
SS – | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) – C:Program Files (x86)OrangeOrangeUpdateServiceOUCore.exe
SR – | Auto 01/06/2010 367456 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe
SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) – C:Program Files (x86)Common FilesProtexisLicense ServicePsiService_2.exe
SR – | Auto 05/03/2010 831760 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
SS – | Disabled 25/05/2010 252416 | (SampleCollector) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCPerfService.exe
SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
SR – | Auto 20/06/2010 108400 | (SOHCImp) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
SR – | Auto 18/06/2010 423280 | (SOHDms) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
SR – | Auto 20/06/2010 67952 | (SOHDs) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
SR – | Demand 06/06/2010 304496 | (SpfService) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformSPFSpfService64.exe
SR – | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) – C:Program Files (x86)ArcSoftMagic-i Visual Effects 2uCamMonitor.exe
SR – | Auto 31/05/2010 217968 | (VAIO Event Service) . (.Sony Corporation.) – C:Program Files (x86)SonyVAIO Event ServiceVESMgr.exe
SR – | Auto 21/06/2010 575856 | (VAIO Power Management) . (.Sony Corporation.) – C:Program FilesSonyVAIO Power ManagementSPMService.exe
SR – | Auto 17/06/2010 851824 | (VCFw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
SR – | Auto 09/06/2010 537456 | (VcmIAlzMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Analyzing ManagerVcmIAlzMgr.exe
SR – | Auto 09/06/2010 384880 | (VcmINSMgr) . (.Sony Corporation.) – C:Program FilesSonyVCM Intelligent Network Service ManagerVcmINSMgr.exe
SS – | Demand 09/06/2010 101232 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVcmXmlVcmXmlIfHelper64.exe
SR – | Auto 08/06/2010 836608 | (VSNService) . (.Sony Corporation.) – C:Program FilesSonyVAIO Smart NetworkVSNService.exe
SR – | Demand 27/10/2011 1429608 | (VUAgent) . (.Sony Corporation.) – C:Program FilesSonyVAIO Update CommonVUAgent.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 53s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Vincent at 09/11/2013 20:40:24
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Vincent at 09/11/2013 20:40:26

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12993 – (09/11/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallYahoo! Companion] =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:WindowsInstaller3182d.msi =>Toolbar.Google^
~ Additionnel Scan: 408058 Items scanned in 00mn 27s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/34702976-toolbar-ebay =>Toolbar.eBay
~ http://nicolascoolman.webs.com/apps/blog/show/26712089-adware-basicscan =>Adware.BasicScan
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 6 link(s) detected in 00mn 27s

~ 1671 Legitimates filtered by white list
End of the scan (494 lines in 04mn 31s)(0)