florie

Here is the cleaner report:

# AdwCleaner v3.012 - Rapport créé le 23/11/2013 à 14:47:17
# Mis à jour le 11/11/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : Florie Copon - FLORIE
# Exécuté depuis : C:\Users\Florie Copon\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\Mysearchdial
Dossier Supprimé : C:\Program Files (x86)\Nosibay
Dossier Supprimé : C:\Program Files (x86)\Setuprog
Dossier Supprimé : C:\Users\Florie Copon\AppData\Roaming\cacaoweb
Dossier Supprimé : C:\Users\Florie Copon\AppData\Roaming\Nosibay
Fichier Supprimé : C:\Users\Florie Copon\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\Florie Copon\Desktop\cacaoweb.exe
Fichier Supprimé : C:\Windows\Tasks\MySearchDial.job
Fichier Supprimé : C:\Windows\System32\Tasks\MySearchDial

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}]
Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\AppDataLow\Software\Setuprog
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\Software\Setuprog
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setuprog Toolbar

***** [ Navigateurs ] *****

-\ Internet Explorer v10.0.9200.16537

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4193 octets] - [23/11/2013 14:09:13]
AdwCleaner[S0].txt - [3544 octets] - [23/11/2013 14:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3604 octets] ##########

And the ZHPDiag one:

~ Rapport de ZHPDiag v2013.11.22.46 - Nicolas Coolman (22/11/2013)
~ Lancé par Florie Copon (23/11/2013 14:51:57)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK

---\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\ Logiciels d'optimisation du système

---\ Logiciels de partage PeerToPeer

---\ Surveillance de Logiciels
Adobe Reader X

---\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (22%) free of 186 GB

---\ Mode de connexion au système
~ Computer Name: FLORIE
~ User Name: Florie Copon
~ All Users Names: Florie Copon, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Florie Copon\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Florie Copon\AppData\Roaming\
~ %Desktop% : C:\Users\Florie Copon\Desktop\
~ %Favorites% : C:\Users\Florie Copon\Favorites\
~ %LocalAppData% : C:\Users\Florie Copon\AppData\Local\
~ %StartMenu% : C:\Users\Florie Copon\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 224 Go of 258 Go)
E: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 7 Go)

---\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s

---\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/667
~ Mes musiques (My Musics) : 1/11882
~ Mes Videos (My Videos) : 1/30
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 8/222
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 48s

---\ Processus lancés
[MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.2948]
[MD5.60657ED53013BB32E8820D91470CA0B4] - (.ASUS - ASUS InstantOn.) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1116832] [PID.2884]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.3416]
[MD5.2C35624F79B9ADBFE47090879F0D8673] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.3424]
[MD5.29769215DEB6E8418EF3656B0423776E] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.3876]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3292]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.2684]
[MD5.01F1839AD462D146BB15B1DA9FDE2EE7] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1557664] [PID.2712]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.504]
~ Processes Running: Scanned in 00mn 00s

---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch
~ Google Browser: 16 Legitimates Filtered in 00mn 03s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [Florie Copon]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Florie Copon]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Florie Copon]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Florie Copon]: cacaoweb.lnk . (...) -- C:\Users\Florie Copon\Desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O4 - GS\Program [Florie Copon]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Florie Copon]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [Florie Copon]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
~ Global Startup: 35 Legitimates Filtered in 00mn 02s

---\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - GS\Startup [Florie Copon]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Florie Copon\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1391351973-4093424353-1624542879-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Florie Copon\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09FF915-5E9B-4E3D-9825-01031D15C03D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A09FF915-5E9B-4E3D-9825-01031D15C03D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\ Logiciels installés (O42)
O42 - Logiciel: Robert/Collins 1.2 - (...) [HKLM][64Bits] -- Le Robert & Collins Maxi Plus anglais_is1
~ Logic: 67 Legitimates Filtered in 00mn 00s

---\ HKCU & HKLM Software Keys
[HKCU\Software\CRSEPM]
[HKCU\Software\Collins]
[HKCU\Software\SEJER]
[HKLM\Software\Wow6432Node\CRSEPM]
~ Key Software: 143 Legitimates Filtered in 00mn 00s

---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CF050255E21EE174449D2D817EA8A6FD] - 15/11/2013 - 15:49:47 ---A- . (...) -- C:\UsbFix [Scan 1] FLORIE.txt [10332]
O44 - LFC:[MD5.1567C4858E6466D803F2CA5DA09D4583] - 23/11/2013 - 12:03:47 ---A- . (...) -- C:\UsbFix [Scan 2] FLORIE.txt [10448]
O44 - LFC:[MD5.0D96EA4222DA78D88B381C8D6A4CC36C] - 23/11/2013 - 12:17:05 ---A- . (...) -- C:\UsbFix [Clean 3] FLORIE.txt [11367]
~ Files: 100 Legitimates Filtered in 00mn 44s

---\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.120766BCD9DE22176579A67BBB0C5EE9] - 18/11/2013 - 18:54:16 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.76D738F7A3BC1779D9DDD27D13C1941D] - 23/11/2013 - 14:53:54 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
~ Prefetcher: 85 Legitimates Filtered in 00mn 00s

---\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\ Enumération des clés de registre Policies\System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\ Enumération des clés de registre Policies\Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 22/11/2013 - 16:59:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

---\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/11/2013 - 14:57:38 ---A- . (...) -- C:\Users\Florie Copon\Documents\Whislit.docx [79116]
O61 - LFC: 21/11/2013 - 14:57:37 ---A- . (...) -- C:\Users\Florie Copon\Documents\Master 1 sociologie\Posture pro.docx [19905]
O61 - LFC: 21/11/2013 - 14:57:38 ---A- . (...) -- C:\Users\Florie Copon\Downloads\OffreStage.pdf [49877]
O61 - LFC: 21/11/2013 - 14:57:38 ---A- . (...) -- C:\Users\Florie Copon\Downloads\andvcata2013poursitedoublepage.pdf [3187931]
O61 - LFC: 21/11/2013 - 14:57:38 ---A- . (...) -- C:\Users\Florie Copon\Downloads\bulletin_adhesion.pdf [97988]
O61 - LFC: 23/11/2013 - 14:55:12 ---A- . (...) -- C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266723]
O61 - LFC: 23/11/2013 - 14:55:16 ---A- . (...) -- C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Local State [46852]
O61 - LFC: 23/11/2013 - 14:57:36 ---A- . (...) -- C:\Users\Florie Copon\AppData\Roaming\ZHP\Log.txt [38014] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 14:57:36 ---A- . (...) -- C:\Users\Florie Copon\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [3029] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 14:57:36 ---A- . (...) -- C:\Users\Florie Copon\AppData\Roaming\ZHP\ZHPDiag.txt [30745] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 14:57:38 ---A- . (...) -- C:\Users\Florie Copon\Downloads\adwcleaner.exe [1085542]
~ 3 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 825 Legitimates Filtered in 05mn 20s

---\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - http://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\ Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 01s

---\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {30BD3E62-1DE1-0E36-50B6-060602C823A2} - (Setuprog Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s

---\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:\Users\Florie Copon\AppData\Local\Temp\Quarantine.exe [350377]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{053C94AB-7391-4D0A-B586-3183F271AF3A}C:\users\florie copon\downloads\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{6A2E0249-F6C4-4364-A8E8-D0368F49242D}C:\users\florie copon\downloads\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{BD22DF3F-3A75-4955-8EE6-D6296419FA1A}" |In - Public - P17 - TRUE | .(...) -- C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{59CD9CCE-A807-4E9F-AD99-2019559A3962}" |In - Public - P6 - TRUE | .(...) -- C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{FE77526E-EB79-45B3-95BF-0E1AA016177C}C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4590C09A-843A-4F19-B22A-5051B1222674}C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{B7E60CDC-3BFE-4773-81FB-3A88AA311363}" |In - Public - P17 - TRUE | .(...) -- C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{03494554-5FB5-4852-869E-9093F6F50A4D}" |In - Public - P6 - TRUE | .(...) -- C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{0D2B81D9-C865-4A42-A912-29E266CE64EF}C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 - FAEL: "UDP Query User{F5384E25-5F9F-4229-B3E2-908E3C718B9B}C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 - FAEL: "TCP Query User{061E71FE-3B9B-416C-A183-32BF830AA9E9}C:\users\florie copon\desktop\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\florie copon\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E78AB02-7C9A-4593-98D8-D215B226C749}C:\users\florie copon\desktop\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\florie copon\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Firewall: 228 Legitimates Filtered in 00mn 03s

---\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 22/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 18/01/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/01/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 26/12/2012 241016 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 26/12/2012 218320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 26/12/2012 182312 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s

---\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Florie Copon at 23/11/2013 15:03:08
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Florie Copon at 23/11/2013 15:03:10

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\ Scan Additionnel (O88)
Database Version : 12996 - (22/11/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
~ Additionnel Scan: 267019 Items scanned in 01mn 18s

---\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ MSI: 2 link(s) detected in 01mn 18s

~ 1832 Legitimates filtered by white list
End of the scan (398 lines in 12mn 33s)(0)