Reply to: Help with disinfection / Computer really slow 2016-09-08T13:19:15+00:00
Sanounette25
Participant
Number of posts: 6

Here are the 2 other reports. I ran out of space to post all 3, so here are the other 2:


~ Rapport de ZHPDiag v2013.11.18.39 - Nicolas Coolman (2013-11-18)
~ Lancé par pooh (2013-11-18 21:47:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2814 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 186 GB (79%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: POOH-D86015DC3F
~ User Name: pooh
~ All Users Names: SUPPORT_388945a0, pooh, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\pooh\Application Data\ZHP
~ %AppData% : C:\Documents and Settings\pooh\Application Data
~ %Desktop% : C:\Documents and Settings\pooh\Bureau
~ %Favorites% : C:\Documents and Settings\pooh\Favoris
~ %LocalAppData% : C:\Documents and Settings\pooh\Local Settings\Application Data
~ %StartMenu% : C:\Documents and Settings\pooh\Menu Démarrer
~ %Windir% : C:\WINDOWS
~ %System% : C:\WINDOWS\system32

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 186 Go of 233 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.2008-04-13 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8A2979A0A33389A1D2BA4C967F6EDD6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2013-10-13 - 02:25:45.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.2008-04-13 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-08-17 - 08:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2008-04-13 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-04-13 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2008-04-13 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.2008-04-13 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.2008-04-13 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-04-13 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2008-04-13 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-04-13 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.2008-04-13 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-07-15 - 08:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.2008-04-13 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.2008-04-13 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.2008-04-13 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-04-13 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-04-13 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.2008-04-13 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2008-04-13 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/108
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/3923
~ Mon Bureau (My Desktop) : 1/432
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 09s

---\\ Processus lancés
[MD5.9902DFEB0943B70B7358C7B598DE377D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [PID.816]
[MD5.F9BEED56D7FCDBD4924AC1E628261882] - (.O2Micro International - O2 Flash Memory Service.) -- C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224] [PID.1800]
[MD5.59982DBADF1451C370438C90FEA008CB] - (.LULU Software - Soda PDF 3D Reader Helper Service.) -- C:\Program Files\Soda PDF 3D Reader\HelperService.exe [1352024] [PID.1888]
[MD5.5B675A95F12A13297D09412B52772B96] - (.LULU Software - Soda PDF 3D Reader Conversion Service.) -- C:\Program Files\Soda PDF 3D Reader\ConversionService.exe [874328] [PID.1944]
[MD5.74AEE81CAF5328B55F262D120C64E9E6] - (.LULU Software Limited - Soda PDF 5 Helper Service.) -- C:\Program Files\Soda PDF 5\HelperService.exe [1097544] [PID.1888]
[MD5.7577D2730D0DFF623D6656CF56718D6F] - (.LULU Software Limited - Soda PDF 5 Conversion Service.) -- C:\Program Files\Soda PDF 5\ConversionService.exe [794440] [PID.1944]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1464]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1524]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1560]
[MD5.02B17D3C9665E3A49BFCED6DDB773B73] - (.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Qualcomm Atheros\ACU.exe [474848] [PID.1820]
[MD5.BB1F9614D427716D0D9E9FEFC34CC9A4] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920] [PID.2076]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.2092]
[MD5.395BCC9122E705F6586217E32CD01CC9] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672] [PID.2192]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- [0] [PID.0]
[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.2620]
[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.2784]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3512]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.2224]
[MD5.74A5D624BD4387DA07766A4315915ED0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8259072] [PID.3932]
[MD5.135724D3F79E261B63628D75A6DD0817] - (.Hewlett-Packard Co. - HPNetworkCommunicator.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe [673384] [PID.3436]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\23\prefs.js
C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\7f0ksuhi.default\prefs.js
M2 - MFEP: prefs.js [pooh - 7f0ksuhi.default\{0113D088-8ED1-468C-B225-585A9C53B5E3}] [] TopArcadeHits v1.0 (..) =>PUP.ToparcadeHits
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Soda PDF 3D Reader Helper - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} . (.LULU Software - Soda PDF 3D Reader Helper.) -- C:\Program Files\Soda PDF 3D Reader\PDFIEHelper.dll
O2 - BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} . (.LULU Software Limited - Soda PDF Helper.) -- C:\Program Files\Soda PDF 5\PDFIEHelper.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Soda PDF 3D Reader Toolbar - [HKLM]{64C9D46E-8F8B-4158-9780-A6581C7439B1} . (.LULU Software - Soda PDF 3D Reader Toolbar.) -- C:\Program Files\Soda PDF 3D Reader\PDFIEPlugin.dll
O3 - Toolbar: Soda PDF 5 IE Toolbar - [HKLM]{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} . (.LULU Software Limited - Soda PDF 5 Toolbar.) -- C:\Program Files\Soda PDF 5\PDFIEPlugin.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Save.ca Print-At-Home.lnk . (...) -- C:\Program Files\Save.ca Print-At-Home\Save.ca Print-At-Home.exe
O4 - GS\Program [pooh]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [pooh]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 9 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [ACU] . (.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Qualcomm Atheros\ACU.exe
O4 - HKLM\..\Run: [EM_EXEC] . (.Logitech Inc. - Control Center.) -- C:\Program Files\MouseWare\system\EM_exeC.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Documents and Settings\pooh\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-776561741-796845957-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-776561741-796845957-725345543-1003\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-776561741-796845957-725345543-1003\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Documents and Settings\pooh\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll =>Toolbar.Conduit
~ Application: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366553998531
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{261A4445-3180-479C-86FF-A2244605656C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{261A4445-3180-479C-86FF-A2244605656C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{261A4445-3180-479C-86FF-A2244605656C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{261A4445-3180-479C-86FF-A2244605656C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Soda PDF 3D Reader Helper Service (Soda PDF 3D Reader Helper Service) . (.LULU Software - Soda PDF 3D Reader Helper Service.) - C:\Program Files\Soda PDF 3D Reader\HelperService.exe
O23 - Service: Soda PDF 3D Reader Service (Soda PDF 3D Reader Service) . (.LULU Software - Soda PDF 3D Reader Conversion Service.) - C:\Program Files\Soda PDF 3D Reader\ConversionService.exe
O23 - Service: Soda PDF 5 Helper Service (Soda PDF 5 Helper Service) . (.LULU Software Limited - Soda PDF 5 Helper Service.) - C:\Program Files\Soda PDF 5\HelperService.exe
O23 - Service: Soda PDF 5 Service (Soda PDF 5 Service) . (.LULU Software Limited - Soda PDF 5 Conversion Service.) - C:\Program Files\Soda PDF 5\ConversionService.exe
O23 - Service: (vToolbarUpdater15.5.0) . (...) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater15.5.0\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 9 Legitimates Filtered in 00mn 04s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\pooh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\pooh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [462]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [462]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [462]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [462]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: CCC - (...) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: MouseWare 9.60 - (...) [HKLM] -- {5809E7CF-4DCF-11D4-9875-00105ACE7734}
~ Logic: 94 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ELIGCHK]
[HKCU\Software\MGS]
[HKCU\Software\Torrent2Exe.com]
[HKLM\Software\VBMZ]
~ Key Software: 193 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-07-14 - 06:30:04 - [3,702] ----D C:\Program Files\MouseWare
O43 - CFD: 2013-09-16 - 19:50:41 - [579,835] ----D C:\Documents and Settings\All Users\Application Data\MGS
O43 - CFD: 2013-11-11 - 16:16:49 - [0,437] ----D C:\Documents and Settings\pooh\Local Settings\Application Data\TBHostSupport
O43 - CFD: 2013-11-13 - 11:21:41 - [0,185] ----D C:\Documents and Settings\pooh\Local Settings\Application Data\WhiteListing
~ Program Folder: 183 Legitimates Filtered in 02mn 53s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A7109245B13848C9AFCBE1785C56F197] - 2013-11-11 - 07:27:37 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
O44 - LFC:[MD5.566104DDDD9922F76BA284A32EB5334C] - 2013-11-11 - 16:14:10 ---A- . (...) -- C:\logFileUI.txt [2220]
O44 - LFC:[MD5.8954FC457F5B412A9BA4590620DAF429] - 2013-11-15 - 06:50:28 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393]
O44 - LFC:[MD5.0711F28F80A37294CDA0F3BCCAE4D81B] - 2013-11-15 - 06:50:32 ---A- . (...) -- C:\WINDOWS\updspapi.log [19256]
O44 - LFC:[MD5.3061DBEB251E09B86428F3619803C619] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [204236]
O44 - LFC:[MD5.77F44A2DF13ECED92690CEF21BCA1E87] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [13889]
O44 - LFC:[MD5.13A810CBCA2811296610AA4F1AEA4094] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\comsetup.log [63894]
O44 - LFC:[MD5.06C07D3FE766DBECBBE9EE3724468A44] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\iis6.log [268482]
O44 - LFC:[MD5.CD0D73BECD6EA616DEEB5C6EFC8209DC] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\imsins.log [1393]
O44 - LFC:[MD5.5810E86ED1A7FB0B58E4C4DA69951FC0] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\msgsocm.log [9923]
O44 - LFC:[MD5.8E2F58BC65A641FBED380CFBD0782DFC] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\msmqinst.log [70170]
O44 - LFC:[MD5.C80E8ABE2826C9AAA1342D457832B1FA] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\netfxocm.log [33563]
O44 - LFC:[MD5.6BF5216C93CD3418D4DAFBE97EA5E89E] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [40812]
O44 - LFC:[MD5.1F1B25CAB331F1DBEF83B144471DD372] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\ocgen.log [108568]
O44 - LFC:[MD5.380A941E2CEF21B9E6B266E8E2579543] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\ocmsn.log [11004]
O44 - LFC:[MD5.A42FE553A761E76B565D8FC5AB3BD760] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\tabletoc.log [9019]
O44 - LFC:[MD5.206F08B93539110999BA3128500C60CF] - 2013-11-15 - 06:50:33 ---A- . (...) -- C:\WINDOWS\tsoc.log [92545]
O44 - LFC:[MD5.86CD421C3B96DED57FAC29CE613B1FBA] - 2013-11-15 - 09:05:42 ---A- . (...) -- C:\WINDOWS\system.ini [237]
O44 - LFC:[MD5.29672E765C7341A175779BAF745B14AC] - 2013-11-15 - 09:05:42 ---A- . (...) -- C:\WINDOWS\win.ini [487]
O44 - LFC:[MD5.4A7E424F7A9586EC6E77D63F8CE7D880] - 2013-11-18 - 21:35:06 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [173776]
O44 - LFC:[MD5.0DB0333771E2AD13A4C214D0767874AF] - 2013-11-18 - 21:35:31 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.7A034EEAE0F1DBC719AB6E5586C7C706] - 2013-11-18 - 21:35:33 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 44 Legitimates Filtered in 00mn 07s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.52FB5F45396AFE874137FE72347DE891] - 2013-11-11 - 16:11:56 ---A- - C:\WINDOWS\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-0EAA432A.pf =>PUP.BrowserSafeguard
O45 - LFCP:[MD5.A424F43BE1A982259C8450DEFD367140] - 2013-11-11 - 16:13:21 ---A- - C:\WINDOWS\Prefetch\OPTPROCRASH.EXE-3384F337.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.6824C3B776E4474108A85F56ED7FC6C5] - 2013-11-11 - 16:13:35 ---A- - C:\WINDOWS\Prefetch\CLTMNGSVC.EXE-147F4578.pf
O45 - LFCP:[MD5.947E39D8ECD80FDC84AC5400A27E0229] - 2013-11-11 - 16:13:35 ---A- - C:\WINDOWS\Prefetch\NSV14.EXE-0204DC40.pf
O45 - LFCP:[MD5.38649D604980581A9AF0D732B3736627] - 2013-11-11 - 16:13:35 ---A- - C:\WINDOWS\Prefetch\SPRUNNER.EXE-0FC6701B.pf
O45 - LFCP:[MD5.0B01CD5E81B07DBA1A3D4139215B8812] - 2013-11-11 - 16:13:43 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-2D0F7494.pf
O45 - LFCP:[MD5.E4B6D849C49A00DD879F635C7CE6772C] - 2013-11-11 - 16:14:00 ---A- - C:\WINDOWS\Prefetch\UNINSTALLERUI.EXE-0C949C4B.pf
O45 - LFCP:[MD5.30396756D25C30925F98BD199933BD97] - 2013-11-11 - 16:14:34 ---A- - C:\WINDOWS\Prefetch\NS32.TMP-00CF89F7.pf
O45 - LFCP:[MD5.F7F4F38EB4C6CB48C4E0AC6D556CBAEE] - 2013-11-11 - 16:14:34 ---A- - C:\WINDOWS\Prefetch\NS33.TMP-3A9B1837.pf
O45 - LFCP:[MD5.3A84B35EDAFA7DA55CC12B174374BD02] - 2013-11-11 - 16:14:34 ---A- - C:\WINDOWS\Prefetch\WAJAMUPDATERV3.EXE-0928E761.pf =>PUP.Wajam
O45 - LFCP:[MD5.D7457E06CD8E82DEFDEEE7FDBE4C099A] - 2013-11-13 - 11:21:47 ---A- - C:\WINDOWS\Prefetch\TBMESSAGINGHOST.EXE-2D4D0094.pf
O45 - LFCP:[MD5.8E8A13C2112E00D9108D30E3DA37B21C] - 2013-11-15 - 06:45:33 ---A- - C:\WINDOWS\Prefetch\31.0.1650.57_30.0.1599.101_CH-2E7366D7.pf
O45 - LFCP:[MD5.0266F580B34255250ACA502C83951890] - 2013-11-15 - 09:05:37 ---A- - C:\WINDOWS\Prefetch\EM_EXEC.EXE-30AED3C1.pf
O45 - LFCP:[MD5.83F16B3E5AFB28767B62BF991665A20B] - 2013-11-15 - 09:05:46 ---A- - C:\WINDOWS\Prefetch\ACU.EXE-0E6D4A68.pf
O45 - LFCP:[MD5.7BC8B06F111707916E8630C8ABE53414] - 2013-11-18 - 17:45:19 ---A- - C:\WINDOWS\Prefetch\TBMESSAGINGHOST.EXE-3109E222.pf
O45 - LFCP:[MD5.A834802E72EF0346516040B887E4668F] - 2013-11-18 - 20:50:22 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-0DDD20C7.pf
~ Prefetcher: 130 Legitimates Filtered in 00mn 01s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.CC2A21CF8675E7C6226065D2916B58DE] - 2004-05-04 - 23:04:56 ---A- . (.Windows (R) 2000 DDK provider - Alert-Thread Driver 2.0.) -- C:\WINDOWS\system32\Drivers\alertdrv.sys [4211]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 2004-08-05 - 05:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2013-11-15 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\vlc\ml.xspf [304]
O61 - LFC: 2013-11-15 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\vlc\vlcrc [80401]
O61 - LFC: 2013-11-15 - 21:50:49 -SHA- . (...) -- C:\Documents and Settings\pooh\Bureau\Thumbs.db [227840]
O61 - LFC: 2013-11-15 - 21:50:49 -SHA- . (...) -- C:\Documents and Settings\pooh\Bureau\david\Thumbs.db [81408]
O61 - LFC: 2013-11-15 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Google Profile.ico [181623]
O61 - LFC: 2013-11-15 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\GPUCache\data_2 [1056768]
O61 - LFC: 2013-11-15 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Managed Mode Settings [8]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\508031722.lnk [849]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\508031725.lnk [849]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\508031726b.lnk [854]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\Printemps-Été 2013.lnk [584]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\San25.lnk [464]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\Tyler 2011-2012.lnk [648]
O61 - LFC: 2013-11-15 - 21:51:25 ---A- . (...) -- C:\Documents and Settings\pooh\Recent\tylertiger.lnk [921]
O61 - LFC: 2013-11-16 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\GPUCache\data_1 [270336]
O61 - LFC: 2013-11-18 - 21:50:48 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\23\prefs.js [2]
O61 - LFC: 2013-11-18 - 21:50:48 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\7f0ksuhi.default\prefs.js [11282]
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\ZHP\Log.txt [39218] =>.Nicolas Coolman
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\ZHP\Tests\ZHPDiag.txt [3231] =>.Nicolas Coolman
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Application Data\ZHP\ZHPDiag.txt [59482] =>.Nicolas Coolman
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Bureau\ZHPDiag.lnk [1531] =>.Nicolas Coolman
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Bureau\ZHPFix.lnk [1636] =>.Nicolas Coolman
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Bureau\audrey1.bmp [2359350]
O61 - LFC: 2013-11-18 - 21:50:49 ---A- . (...) -- C:\Documents and Settings\pooh\Bureau\mbam-log-2013-11-18 (21-08-59).txt [25498]
O61 - LFC: 2013-11-18 - 21:50:49 -S-A- . (...) -- C:\Documents and Settings\pooh\IETldCache\index.dat [262144]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [263468]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Local State [16283]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Archived History [57344]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Archived History-journal [512]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Bookmarks [34150]
O61 - LFC: 2013-11-18 - 21:50:50 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Bookmarks.bak [34150]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Cookies [1569792]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Cookies-journal [16384]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension Rules\00937.ldb [207]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension Rules\CURRENT [16]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension Rules\LOG [148]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension Rules\LOG.old [358]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension State\CURRENT [16]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension State\LOG [142]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension State\LOG.old [47]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Extension State\MANIFEST-000004 [50]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Favicons [1103872]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Favicons-journal [16384]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\File System\Origins\CURRENT [16]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\File System\Origins\LOG [148]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\File System\Origins\LOG.old [148]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\File System\Origins\MANIFEST-000152 [203]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\GPUCache\data_0 [45056]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\databases\Databases.db [7168]
O61 - LFC: 2013-11-18 - 21:50:58 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\databases\Databases.db-journal [5672]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\History [323584]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\History Provider Cache [38179]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\History-journal [16384]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Last Session [671323]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Last Tabs [285806]
O61 - LFC: 2013-11-18 - 21:50:59 ---A- . (...) -- C:\Documents and Settings\pooh\Local Settings\Application Data\Google\Chrome\User Data\Profile 4\Local Storage\http_googleads.g.doubleclick.net_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttp_googleads.g.doubleclick.net_0.localstorage-journal [512]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttp_montreal.radionrj.ca_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttp_montreal.radionrj.ca_0.localstorage-journal [3608]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_plus.google.com_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_plus.google.com_0.localstorage-journal [3608]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_talkgadget.google.com_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_talkgadget.google.com_0.localstorage-journal [512]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.ca_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.ca_0.localstorage-journal [3608]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.co.in_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.co.in_0.localstorage-journal [512]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.com_0.localstorage [3072]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Local Storagehttps_www.google.com_0.localstorage-journal [3608]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Login Data [30720]
O61 – LFC: 2013-11-18 – 21:50:59 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Login Data-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Network Action Predictor [330752]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Network Action Predictor-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Origin Bound Certs [38912]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Origin Bound Certs-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Preferences [89203]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4QuotaManager [15360]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4QuotaManager-journal [6704]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session Storage01744.ldb [1622]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session Storage01746.ldb [829879]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session StorageCURRENT [16]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session StorageLOG [277]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session StorageLOG.old [743]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Session StorageMANIFEST-001745 [164]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Shortcuts [12288]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Shortcuts-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Top Sites [36864]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Top Sites-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4TransportSecurity [1596]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Visited Links [131072]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Web Data [325632]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataProfile 4Web Data-journal [16384]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Bloom [7596400]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Bloom Prefix Set [1341400]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Cookies [6144]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Cookies-journal [4640]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Csd Whitelist [135236]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Download [1139112]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Download Whitelist [19536]
O61 – LFC: 2013-11-18 – 21:51:00 —A- . (…) — C:Documents and SettingspoohLocal SettingsApplication DataGoogleChromeUser DataSafe Browsing Extension Blacklist [6828]
O61 – LFC: 2013-11-18 – 21:51:24 —A- . (…) — C:Documents and SettingspoohMes documentsDownloadsadwcleaner.exe [1085542]
O61 – LFC: 2013-11-18 – 21:51:24 -SHA- . (…) — C:Documents and SettingspoohMes documentsDownloadsThumbs.db [275456]
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentAdwCleaner.lnk [403]
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentAdwCleaner[S2].lnk [582]
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentLogs.lnk [1010]
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentZHPDiag.lnk [476] =>.Nicolas Coolman
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentaudrey1.lnk [476]
O61 – LFC: 2013-11-18 – 21:51:25 —A- . (…) — C:Documents and SettingspoohRecentmbam-log-2013-11-18 (21-08-59).lnk [593]
O61 – LFC: 2014-02-27 – 21:50:47 -S-A- . (…) — C:Documents and SettingspoohApplication DataMicrosoftCryptoRSAS-1-5-21-776561741-796845957-725345543-1003ff3d601d623b17e06218cf9079d86410_96699fcc-8c74-4765-83d9-e880597943f2 [1305]
~ 19 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 661 Legitimates Filtered in 00mn 53s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 2008-11-06 – C:\WINDOWS\system32\DRIVERS\o2flash.exe (O2FLASH) .(.O2Micro International – O2 Flash Memory Service.) – LEGACY_O2FLASH
O64 – Services: CurCS – 2012-12-21 – C:\Program Files\Soda PDF 3D Reader\HelperService.exe (Soda PDF 3D Reader Helper Service) .(.LULU Software – Soda PDF 3D Reader Helper Service.) – LEGACY_SODA_PDF_3D_READER_HELPER_SERVICE
O64 – Services: CurCS – 2012-12-21 – C:\Program Files\Soda PDF 3D Reader\ConversionService.exe (Soda PDF 3D Reader Service) .(.LULU Software – Soda PDF 3D Reader Conversion Service.) – LEGACY_SODA_PDF_3D_READER_SERVICE
O64 – Services: CurCS – 2013-06-12 – C:\Program Files\Soda PDF 5\HelperService.exe (Soda PDF 5 Helper Service) .(.LULU Software Limited – Soda PDF 5 Helper Service.) – LEGACY_SODA_PDF_5_HELPER_SERVICE
O64 – Services: CurCS – 2013-06-12 – C:\Program Files\Soda PDF 5\ConversionService.exe (Soda PDF 5 Service) .(.LULU Software Limited – Soda PDF 5 Conversion Service.) – LEGACY_SODA_PDF_5_SERVICE
~ Legacy: 146 Legitimates Filtered in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (@ieframe.dll,-12512) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {1BF60324-10F2-414A-A381-780E6F4952A4} – (VisualBee V.12 Customized Web Search) – http://search.conduit.com =>Adware.VisualBeeToolbar
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (@ieframe.dll,-12512) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6E2647C3-969E-461B-9332-33B3AF0C22CE} – (Search Spin V6 Customized Web Search) – http://search.conduit.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3CB2046045E8424AEAC0E07C31D08D8F] [SPRF][2013-01-18] (…) — C:\Documents and Settings\All Users\Application Data\bdinstall.bin [11134]
~ Files: 1 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.539527AFC47197211A1919A684D53D97] [WIS][2013-08-27] (.LULU Software – Soda PDF 3D Reader Installer.) — C:\Windows\Installer\2a66b5e.msi [6286336]
[MD5.BBA8BD5F37C30A9F332346ED688E5BB3] [WIS][2013-08-27] (.LULU Software Limited – Soda PDF 5 Installer.) — C:\Windows\Installer\2a66b63.msi [5976576]
~ WIS: 134 Legitimates Filtered in 00mn 13s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 2013-09-22 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 2009-03-16 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) – C:\WINDOWS\system32\Ati2evxx.exe
SS – | Disabled 1658-07-10 0 | (BrYNSvc) . (…) – C:\Program Files\Browny02\BrYNSvc.exe
SS – | Demand 2008-04-13 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:\WINDOWS\system32\dmadmin.exe
SS – | Disabled 2013-06-30 116648 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Disabled 2013-06-30 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 2005-02-24 73728 | (IDriverT) . (.Macrovision Corporation.) – C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS – | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS – | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS – | Demand 2013-09-10 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR – | Auto 2008-11-06 72224 | (O2FLASH) . (.O2Micro International.) – C:\WINDOWS\system32\DRIVERS\o2flash.exe
SS – | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files\Skype\Updater\Updater.exe
SR – | Auto 2012-12-21 1352024 | (Soda PDF 3D Reader Helper Service) . (.LULU Software.) – C:\Program Files\Soda PDF 3D Reader\HelperService.exe
SR – | Auto 2012-12-21 874328 | (Soda PDF 3D Reader Service) . (.LULU Software.) – C:\Program Files\Soda PDF 3D Reader\ConversionService.exe
SR – | Auto 2013-06-12 1097544 | (Soda PDF 5 Helper Service) . (.LULU Software Limited.) – C:\Program Files\Soda PDF 5\HelperService.exe
SR – | Auto 2013-06-12 794440 | (Soda PDF 5 Service) . (.LULU Software Limited.) – C:\Program Files\Soda PDF 5\ConversionService.exe
SS – | Demand 2010-02-19 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
SS – | Auto 1658-07-10 0 | (vToolbarUpdater15.5.0) . (…) – C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: Scanned in 00mn 13s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by pooh at 2013-11-18 21:52:20

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\amdide.sys Advanced Micro Devices AMD PCI SATA/IDE Bus Driver
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8B246AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by pooh at 2013-11-18 21:52:22

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 12996 – (2013-11-18)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.5.0] =>Toolbar.AVGSearch^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}] =>Toolbar.Agent
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:TBHostSupport =>Toolbar.Conduit^
C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\7f0ksuhi.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} =>PUP.ToparcadeHits^
~ Additionnel Scan: 272763 Items scanned in 00mn 23s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/29058830-adware-visualbeetoolbar =>Adware.VisualBeeToolbar
~ MSI: 7 link(s) detected in 00mn 23s

~ 1880 Legitimates filtered by white list
End of the scan (617 lines in 05mn 42s)(0)

# AdwCleaner v3.012 – Rapport créé le 18/11/2013 à 21:33:39
# Mis à jour le 11/11/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : pooh – POOH-D86015DC3F
# Exécuté depuis : C:\Documents and Settings\pooh\Mes documents\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\pooh\Local Settings\Application Data\Conduit

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\smartbar

***** [ Navigateurs ] *****

-\ Internet Explorer v8.0.6001.18702

-\ Mozilla Firefox v24.0 (fr)

[ Fichier : C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\23\prefs.js ]

[ Fichier : C:\Documents and Settings\pooh\Application Data\Mozilla\Firefox\Profiles\7f0ksuhi.default\prefs.js ]

*************************

AdwCleaner[R0].txt – [6002 octets] – [22/09/2013 06:00:45]
AdwCleaner[R1].txt – [6254 octets] – [11/11/2013 16:17:41]
AdwCleaner[R2].txt – [1369 octets] – [18/11/2013 21:31:27]
AdwCleaner[S0].txt – [6063 octets] – [22/09/2013 06:02:24]
AdwCleaner[S1].txt – [6333 octets] – [11/11/2013 16:18:36]
AdwCleaner[S2].txt – [1295 octets] – [18/11/2013 21:33:39]

########## EOF – C:\AdwCleaner\AdwCleaner[S2].txt – [1355 octets] ##########