Reply to: My Win 7 laptop is way too slow… 2016-09-08T13:24:02+00:00
petronille
Participant
Posts: 6

Good evening!
It took a while, but here are the 3 reports:

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2013.11.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Juliette PARE :: JULIETTEPARE-PC [administrateur]

07/12/2013 20:02:00
mbam-log-2013-12-07 (20-02-00).txt

Type d’examen: Examen complet (C:|D:|E:|)
Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d’examen désactivées: P2P
Elément(s) analysé(s): 533448
Temps écoulé: 2 heure(s), 22 minute(s), 30 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCUSoftwareDC3_FEXEC (Malware.Trace) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultExtensionsmphpbdjcljebbcnfopfngmfdackbbdgf (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 6
C:$Recycle.BinS-1-5-21-864500274-4194195946-1973938589-1000$R26SQWZ.exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
C:$Recycle.BinS-1-5-21-864500274-4194195946-1973938589-1000$RCHEYJ0.exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
C:$Recycle.BinS-1-5-21-864500274-4194195946-1973938589-1000$RDGXDHC.exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
C:$Recycle.BinS-1-5-21-864500274-4194195946-1973938589-1000$RIIMTSS.exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
C:$Recycle.BinS-1-5-21-864500274-4194195946-1973938589-1000$RUG707K.exe (PUP.Optional.OutBrowse) -> Mis en quarantaine et supprimé avec succès.
C:AdwCleanerQuarantineCProgram Files (x86)PriceGonguninst.exe.vir (PUP.Optional.PriceGong.A) -> Mis en quarantaine et supprimé avec succès.

(fin)
# AdwCleaner v3.014 – Rapport créé le 07/12/2013 à 22:53:27
# Mis à jour le 01/12/2013 par Xplode
# Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d’utilisateur : Juliette PARE – JULIETTEPARE-PC
# Exécuté depuis : C:UsersJuliette PAREDesktopadwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKCUSoftwareSIEN SA
Clé Supprimée : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Supprimée : HKLMSOFTWAREClassesAppID{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Clé Supprimée : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Supprimée : HKCUSoftwareFLEXnet

***** [ Navigateurs ] *****

-\ Internet Explorer v11.0.9600.16428

Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerSearchUrl [Default]
Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerSearchUrl [Default]

-\ Google Chrome v

[ Fichier : C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultpreferences ]

*************************

AdwCleaner[R0].txt – [14436 octets] – [27/10/2013 13:13:57]
AdwCleaner[R1].txt – [1808 octets] – [07/12/2013 22:52:09]
AdwCleaner[S0].txt – [14024 octets] – [27/10/2013 13:14:55]
AdwCleaner[S1].txt – [1360 octets] – [07/12/2013 22:53:27]

########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1420 octets] ##########
~ Rapport de ZHPDiag v2013.12.7.16 – Nicolas Coolman (07/12/2013)
~ Lancé par Juliette PARE (07/12/2013 23:01:58)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

—\ Logiciels de protection du système
Kaspersky Internet Security v14.0.0.4651
Malwarebytes Anti-Malware version 1.75.0.1300
Sophos Anti-Rootkit 1.5.0 v1.5.0
Windows Defender W7

—\ Logiciels d’optimisation du système
CCleaner v3.11 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3948 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 24 GB (7%) free of 306 GB

—\ Mode de connexion au système
~ Computer Name: JULIETTEPARE-PC
~ User Name: Juliette PARE
~ All Users Names: Juliette PARE, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersJuliette PAREAppDataRoamingZHP
~ %AppData% : C:UsersJuliette PAREAppDataRoaming
~ %Desktop% : C:UsersJuliette PAREDesktop
~ %Favorites% : C:UsersJuliette PAREFavorites
~ %LocalAppData% : C:UsersJuliette PAREAppDataLocal
~ %StartMenu% : C:UsersJuliette PAREAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 24 Go of 306 Go)
D: Hard drive, Flash drive, Thumb drive (Free 367 Go of 368 Go)
E: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.04/12/2013 – 22:22:14.) — C:WindowsSystem32wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/11187
~ Mes musiques (My Musics) : 1/7801
~ Mes Videos (My Videos) : 2/388
~ Mes Favoris (My Favorites) : 1/123
~ Mes Documents (My Documents) : 1/8740
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 22s

—\ Processus lancés
[MD5.5BB1F77C8AF725A15EC9366498D275BB] – (.ASUS – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [5732992] [PID.1796]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] – (.Pas de propriétaire – ALU.) — C:Program Files (x86)ASUSASUS Live UpdateALU.exe [51768] [PID.2068]
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] – (.ASUSTek Computer Inc. – ADSMTray.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMTray.exe [272952] [PID.2360]
[MD5.3C7704D641F4B986A1BB61BE8B8A90EA] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 14.0.0avpui.exe [992448] [PID.2604]
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3054136] [PID.2764]
[MD5.57B4D34232852BFE4453BE571DF90D21] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [103720] [PID.2924]
[MD5.C8A8321292A459B0A17FB39A782A5C74] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [806096] [PID.4220]
[MD5.BEE83619A26F90A6C8273F9CA9680397] – (.asus – ControlDeck.) — C:Program Files (x86)ASUSControlDeckControlDeck.exe [1080448] [PID.3192]
[MD5.D28CF84A1CD2E6D9BF91C50C589EE437] – (.Microsoft Corporation – Windows Live Messenger Companion User Eleva.) — C:Program Files (x86)Windows LiveCompanioncompanionuser.exe [54656] [PID.6020]
[MD5.C0F5728CCD08AB01D66646FA320A03F2] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8286208] [PID.4536]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [bkomkajifikmkfnjgphkjcfeepbnojok] PriceGong v.5.6.12 (Désactivé) =>Adware.PriceGong
G2 – GCE: Preference [User DataDefault] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.14.0.0.4651 (Désactivé)
G2 – GCE: Preference [User DataDefault] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.14.0.0.4651 (Désactivé)
G2 – GCE: Preference [User DataDefault] [hghkgaeecgjhjkannahfamoehjmkjail] Dangerous Websites Blocker v.14.0.0.4651 (Désactivé)
G2 – GCE: Preference [User DataDefault] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.14.0.0.4794 (Désactivé)
G2 – GCE: Preference [User DataDefault] [khmbajnfeegpfichienonefldpjedofp] LyricsMonkey-15 v.1.25.20, (Activé) =>Adware.AddLyrics
G2 – GCE: Preference [User DataDefault] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [mphpbdjcljebbcnfopfngmfdackbbdgf] DealPly Shopping v.3.5.0.0 (Activé) =>PUP.DealPly
G2 – GCE: Preference [User DataDefault] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.14.0.0.4651 (Désactivé)
~ Google Browser: 28 Legitimates Filtered in 00mn 09s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 – FPN: [HKCU] [wacom.com/WacomTabletPlugin] – (…) — C:Program Files (x86)TabletPluginsnpWacomTabletPlugin.dll (.not file.)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: ControlDeck.lnk . (…) — C:WindowsInstaller{5B65EF64-1DFA-414A-8C94-7BB726158E21}_0B77685198F1D245D7966D.exe
O4 – GSDesktop [Public]: Freemake Audio Converter.lnk . (.Freemake – Freemake Audio Converter.) — C:Program Files (x86)FreemakeFreemake Audio ConverterFreemakeAudioConverter.exe
O4 – GSDesktop [Public]: LifeFrame.lnk . (.ASUS – LifeFrame3.) — C:Program Files (x86)ASUSASUS LifeFrame3LifeFrame.exe
O4 – GSQuickLaunch [Juliette PARE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [Juliette PARE]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSSystemTools [Juliette PARE]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [Juliette PARE]: DVD Shrink 3.2.lnk . (.DVD Shrink – DVD Shrink 3.2.) — C:Program Files (x86)DVD ShrinkDVD Shrink 3.2.exe
~ Global Startup: 62 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (…) — C:Program Files (x86)ASUSAsusVibeAsusVibeLauncher.exe
O4 – HKLM..Run: [ASUS WebStorage] . (…) — C:Program Files (x86)ASUSASUS WebStorageSERVICEAsusWSService.exe
O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersJuliette PAREAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKLM..Wow6432NodeRun: [UpdateLBPShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe
O4 – HKLM..Wow6432NodeRun: [UpdateP2GoShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-864500274-4194195946-1973938589-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersJuliette PAREAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Virtual Keyboard [64Bits] – {0C4CC089-D306-440D-9772-464E226F6539} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 14.0.0kbrd.ico
O9 – Extra button: Skype Click to Call [64Bits] – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — c:program files (x86)skypetoolbarsinternet explorer x64icon.ico
O9 – Extra button: URLs check [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 14.0.0logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{110A9AEE-4D85-4709-9D29-20E6B5599702}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLMSystemCCSServicesTcpip..{AD566B18-FDA0-431D-AA51-05D3545FC434}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{110A9AEE-4D85-4709-9D29-20E6B5599702}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLMSystemCS1ServicesTcpip..{AD566B18-FDA0-431D-AA51-05D3545FC434}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{110A9AEE-4D85-4709-9D29-20E6B5599702}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLMSystemCS2ServicesTcpip..{AD566B18-FDA0-431D-AA51-05D3545FC434}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807553E5-5146-11D5-A672-00B0D022E945} . (…) —
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: CEP – Color Enable Package – (.Numenor, for ModTheSims2.) [HKLM][64Bits] — CEP – Colour Enable Packages_is1
O42 – Logiciel: Les Sims™ 2 Au fil des saisons – (…) [HKLM][64Bits] — {DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}
~ Logic: 28 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 23/08/2012 – 16:30:22 – [0] —-D C:Program Files (x86)Pando Networks
O43 – CFD: 03/12/2013 – 19:52:58 – [0] -SH-D C:ProgramData{$4767-3428-6360-6699$}
O43 – CFD: 01/11/2013 – 11:37:28 – [0] —-D C:UsersJuliette PAREAppDataRoamingdata
~ 1006 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1217 Legitimates Filtered in 00mn 39s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 04/12/2013 – 22:22:14 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
O44 – LFC:[MD5.78FB098146F57A66B3676E626A3B013F] – 04/12/2013 – 22:29:05 —A- . (…) — C:WindowsIE11_main.log [14026]
~ Files: 68 Legitimates Filtered in 00mn 08s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.6FA19BB511CE029B932607A17E2F532E] – 02/12/2013 – 19:33:27 —A- – C:WindowsPrefetchQVNDH.EXE-0F7C4996.pf
O45 – LFCP:[MD5.43D4AFCF6F78C35FB810F2F7E9D6334B] – 03/12/2013 – 19:45:07 —A- – C:WindowsPrefetchNLUUX.EXE-04DEEBB1.pf
O45 – LFCP:[MD5.9C549D6370D16ADE2EBB146426C78453] – 04/12/2013 – 21:26:56 —A- – C:WindowsPrefetchDVDFABDVD2DVD.EXE-D7999F3E.pf
O45 – LFCP:[MD5.52A43BE3413EC7833F9387A6AF1DE380] – 04/12/2013 – 21:26:56 —A- – C:WindowsPrefetchDVDFABDVD2MOBILE.EXE-90D862A8.pf
O45 – LFCP:[MD5.AC72C2E7EF9C2E6BF77B22726494F187] – 04/12/2013 – 21:26:57 —A- – C:WindowsPrefetchDVDFABADDONBLURAY.EXE-CF2C36A9.pf
O45 – LFCP:[MD5.9DE902D24EF89DDDE2B0E8637B665A6C] – 04/12/2013 – 21:26:57 —A- – C:WindowsPrefetchDVDFABADDONDVD.EXE-B5C0FC44.pf
O45 – LFCP:[MD5.A14571B3F49FFB257BDF7AFDE01ACDA4] – 04/12/2013 – 21:27:03 —A- – C:WindowsPrefetchDVDFAB.EXE-AEE02768.pf
O45 – LFCP:[MD5.63B876CE563326EB1E98FF4D959B9E17] – 07/12/2013 – 22:53:53 —A- – C:WindowsPrefetchAVPUI.EXE-948C63A2.pf
O45 – LFCP:[MD5.C3FC7462703B4577B2A404C06D9441E2] – 07/12/2013 – 22:56:04 —A- – C:WindowsPrefetchEEESTORAGEUPLOADER.EXE-1175A164.pf
O45 – LFCP:[MD5.20149700FC30AF0F2CB7799773249329] – 07/12/2013 – 22:59:58 —A- – C:WindowsPrefetchFREEMAKEERRORREPORTER.EXE-7CA8C7FD.pf
O45 – LFCP:[MD5.1A07FED470475C93E4223D22ECECD0E0] – 18/11/2013 – 18:02:33 —A- – C:WindowsPrefetch31.0.1650.57_30.0.1599.101_CH-86D014C0.pf
O45 – LFCP:[MD5.F47C36A682B67331E99385E1A8BC826A] – 20/11/2013 – 21:35:26 —A- – C:WindowsPrefetchASLDRSRV.EXE-ABD7E892.pf
O45 – LFCP:[MD5.83CA1C86AB17B68973450C0181818E4C] – 25/11/2013 – 13:05:18 —A- – C:WindowsPrefetchGETSYSTEMINFO.EXE-B126C5AE.pf
O45 – LFCP:[MD5.6EFE94F7FBB86FD3158FB29F99D25C5C] – 26/11/2013 – 20:01:27 —A- – C:WindowsPrefetchKLDW.EXE-3C96089B.pf
~ Prefetcher: 142 Legitimates Filtered in 00mn 00s

—\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 – MPSK:{a465802a-7f3f-11e1-8b93-f46d04c1f98c}AutoRuncommand. (…) — F:LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregfilezila [Key] . (…) — C:UsersJuliette PAREXVXXZDRKCDYKQOI-HMGYH-JPDJSKXLPP.vbe (.not file.)
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] – 27/07/2013 – 06:05:35 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
O58 – SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] – 27/07/2013 – 06:05:35 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
O58 – SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] – 27/07/2013 – 06:05:35 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175]
O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
O58 – SDL:[MD5.0975BF32399A24117E317B5BF1D5D0AA] – 13/04/2010 – 11:15:04 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [135560]
O58 – SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] – 10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
O58 – SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] – 20/07/2009 – 10:29:40 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
O58 – SDL:[MD5.1CDADE078F46F10919F21E08E22D227D] – 29/12/2008 – 10:14:28 —A- . (.Pas de propriétaire – USBCAMD for Sonix UVC.) — C:WindowsSystem32Driverssncduvc.sys [35456]
O58 – SDL:[MD5.2114518E55B380A3ACC28B2C27FD499A] – 20/08/2009 – 03:41:38 —A- . (.Pas de propriétaire – UVC Camera Streaming Driver.) — C:WindowsSystem32Driverssnp2uvc.sys [1800192]
O58 – SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] – 14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 01mn 08s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 04/12/2013 – 23:05:14 —A- . (…) — C:UsersJuliette PAREAppDataLocalGoogleUpdateDownload{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}31.0.1650.6331.0.1650.63_31.0.1650.57_chrome_updater.exe [1751392]
O61 – LFC: 07/12/2013 – 23:05:17 —A- . (…) — C:UsersJuliette PAREAppDataRoamingZHPLog.txt [18868] =>.Nicolas Coolman
O61 – LFC: 07/12/2013 – 23:05:17 —A- . (…) — C:UsersJuliette PAREAppDataRoamingZHPTestsZHPDiag.txt [3068] =>.Nicolas Coolman
~ 38 Fichiers temporaires (Temporary files)
~ Files: 209 Legitimates Filtered in 00mn 17s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersJuliette PAREAppDataLocalGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (…) — C:ProgramDataFullRemove.exe [131472]
[MD5.B9D9E455FDC04E6D10C0C143CFC02796] [SPRF][27/10/2013] (…) — C:ProgramDatantuser.dat [262144]
[MD5.28FC891FBC5BBBB31667417AB87D8D17] [SPRF][01/12/2013] (…) — C:UsersJuliette PAREAppDataLocalTempQuarantine.exe [355227]
[MD5.BCFC21ED879329CCA1ED2CE08EF8C76C] [SPRF][03/11/2013] (…) — C:UsersJuliette PAREAppDataLocalTemp__PDFCORE_FMP.dat [126829]
[MD5.D8B8458E0DD40A8D95BB270DD172B9D1] [SPRF][02/11/2013] (…) — C:UsersJuliette PAREAppDataRoamingaudioh.exe [40928]
[MD5.5CE10688C6671AE9AFC20B09376E8AB2] [SPRF][07/12/2013] (…) — C:UsersJuliette PAREDesktopadwcleaner.exe [1110034]
[MD5.DE7E5F3285B9A3A55E2C247EB1AF76E6] [SPRF][19/08/2006] (…) — C:UsersJuliette PAREDesktopSeeThem2.exe [250880]
~ Files: 11 Legitimates Filtered in 00mn 05s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SS – | Auto 25/07/2011 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 25/07/2011 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 18/06/2009 6144 | (MEMSWEEP2) . (.Sophos Plc.) – C:Windowssystem325F22.tmp
SS – | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe

SR – | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
SR – | Auto 30/11/2010 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
SR – | Auto 11/08/2010 203264 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
SR – | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
SR – | Auto 08/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 14.0.0avp.exe
SR – | Auto 16/10/2013 106496 | (Freemake Improver) . (.Freemake.) – C:ProgramDataFreemakeFreemakeUtilsServiceFreemakeUtilsService.exe
SR – | Auto 15/08/2012 8704 | (HiPatchService) . (.Hi-Rez Studios.) – C:Program Files (x86)Hi-Rez StudiosHiPatchService.exe
SR – | Auto 01/10/2009 262144 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) – C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
SR – | Auto 01/10/2009 2314240 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

~ Services: Scanned in 00mn 25s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Juliette PARE at 07/12/2013 23:06:32
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Juliette PARE at 07/12/2013 23:06:34

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13011 – (07/12/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0

[HKLMSoftwareGoogleChromeExtensionsbkomkajifikmkfnjgphkjcfeepbnojok] =>Adware.PriceGong^
[HKLMSoftwareGoogleChromeExtensionskhmbajnfeegpfichienonefldpjedofp] =>Adware.AddLyrics^
[HKLMSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLMSoftwareGoogleChromeExtensionsmphpbdjcljebbcnfopfngmfdackbbdgf] =>PUP.DealPly^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultExtensionsbkomkajifikmkfnjgphkjcfeepbnojok =>Adware.PriceGong^
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultExtensionskhmbajnfeegpfichienonefldpjedofp =>Adware.AddLyrics^
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultExtensionsleahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:UsersJuliette PAREAppDataLocalGoogleChromeUser DataDefaultExtensionsmphpbdjcljebbcnfopfngmfdackbbdgf =>PUP.DealPly^
~ Additionnel Scan: 267709 Items scanned in 00mn 19s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 5 link(s) detected in 00mn 19s

~ 2657 Legitimates filtered by white list
End of the scan (431 lines in 04mn 55s)(0)