angelex
Participant
Number of posts: 2

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : HMFD6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader X
Java 7 Update 51

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3980 MB (20% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (10%) free of 97 GB

—\ Mode de connexion au système
~ Computer Name: PC-ALEX
~ User Name: alexandra
~ All Users Names: HomeGroupUser$, alexandra, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersalexandraAppDataRoamingZHP
~ %AppData% : C:UsersalexandraAppDataRoaming
~ %Desktop% : C:UsersalexandraDesktop
~ %Favorites% : C:UsersalexandraFavorites
~ %LocalAppData% : C:UsersalexandraAppDataLocal
~ %StartMenu% : C:UsersalexandraAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 97 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
[HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : OK
~ Security Center: 46 Scanned in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:WindowsExplorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:WindowsSystem32Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.07/03/2014 – 01:08:30.) — C:WindowsSystem32wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:WindowsSystem32Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.04/09/2013 – 04:11:23.) — C:Windowssystem32DriversAFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.16/01/2014 – 00:42:58.) — C:Windowssystem32DriversDfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:Windowssystem32DriversHDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:Windowssystem32DriversMRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.27/01/2014 – 04:39:40.) — C:Windowssystem32Driversntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:Windowssystem32DriversParport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:Windowssystem32Driversvolsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 2/1047
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6963512] [PID.3572]
[MD5.5E734DBA04A51E54352B6AF821CA8B86] – (.Samsung Electronics CO., LTD. – Settings.) — C:Program Files (x86)SamsungSettingssSettings.exe [2624048] [PID.5000]
[MD5.AE29724E282EDBE7D0F49E9982642EFD] – (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe [97392] [PID.4228]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4656]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [841032] [PID.3724]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] – (.Oracle Corporation – Java(TM) Update Checker.) — C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe [507264] [PID.4396]
[MD5.405A2343A4A4337EA221603D69D8061A] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8217088] [PID.3076]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultPreferences
G1 – GCS: Preference [User DataDefault] None
G2 – GCE: Preference [User DataDefault] [ahfgeienlihckogmohjhadlkjgocpleb] Google Store v.0.2 (Activé)
G2 – GCE: Preference [User DataDefault] [aohghmighlieiainnegkcijnfilokake] Documents Google v.0.5 (Activé)
G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 – GCE: Preference [User DataDefault] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
G2 – GCE: Preference [User DataDefault] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
G2 – GCE: Preference [User DataDefault] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 – GCE: Preference [User DataDefault] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

—\ Liste des dossiers d’extension Google Chrome
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [Documents Google]
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [Google Drive]
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [Recherche Google]
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 – EXT: C:UsersalexandraAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [Gmail]

~ Google Lines Browser: 21 Scanned in 00mn 01s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 – FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] – (.Microsoft Corporation – Office Authorization plug-in for NPAPI browsers.) — C:Program FilesMicrosoft OfficeOffice14NPAUTHZ.dll
P2 – FPN: [HKCU] [@tools.google.com/Google Update;version=3] – (.Google Inc. – Google Update.) — C:UsersalexandraAppDataLocalGoogleUpdate1.3.23.9npGoogleUpdate3.dll
P2 – FPN: [HKCU] [@tools.google.com/Google Update;version=9] – (.Google Inc. – Google Update.) — C:UsersalexandraAppDataLocalGoogleUpdate1.3.23.9npGoogleUpdate3.dll
~ Firefox Browser: 3 Scanned in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com
R0 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerAboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com
R3 – URLSearchHook: Microsoft Url Search Hook [64Bits] – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation – Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) — C:WindowsSysWOW64ieframe.dll
~ IE Browser: 20 Scanned in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Browser Helper Objects de navigateur (O2)
O2 – BHO: AcroIEHelperStub [64Bits] – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated – Adobe PDF Helper for Internet Explorer.) — C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 – BHO: Groove GFS Browser Helper [64Bits] – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation – Microsoft SharePoint Workspace Extensions.) — C:Program Files (x86)Microsoft OfficeOffice14GROOVEEX.dll
O2 – BHO: Java(tm) Plug-In SSV Helper [64Bits] – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation – Java(TM) Platform SE binary.) — C:Program Files (x86)Javajre7binssv.dll
O2 – BHO: URLRedirectionBHO [64Bits] – {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation – Microsoft Office Document Cache Handler.) — C:Program Files (x86)Microsoft OfficeOffice14URLREDIR.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] – {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation – Java(TM) Platform SE binary.) — C:Program Files (x86)Javajre7binjp2ssv.dll
~ BHO: 7 Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSDesktop [Public]: LyX 2.0.lnk . (…) — C:Program Files (x86)LyX 2.0binLyX.exe
O4 – GSDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
O4 – GSProgram [Public]: Adobe Photoshop Elements 11.lnk . (.Adobe Systems Incorporated – Adobe Photoshop Elements 11.) — C:Program Files (x86)AdobeElements 11 OrganizerPhotoshop Elements 11.0.exe =>.Adobe Systems Incorporated
O4 – GSProgram [Public]: Adobe Reader X.lnk . (…) — C:windowsInstaller{AC76BA86-7AD7-FFFF-7B44-AA0000000001}SC_Reader.ico
O4 – GSProgram [Public]: Browser Choice.lnk . (…) — C:WINDOWSBrowserChoicehtmldefault.html
O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
O4 – GSProgram [Public]: Intel(R) WiDi.lnk . (…) — C:Program Files (x86)Intel CorporationIntel WiDiWiDiApp.exe (.not file.)
O4 – GSProgram [Public]: Microsoft Office.lnk . (…) — C:windowsInstaller{95140000-0070-0000-0000-0000000FF1CE}oobeicon.exe
O4 – GSProgram [Public]: Movie Maker.lnk . (.Microsoft Corporation – Movie Maker.) — C:Program Files (x86)Windows LivePhoto GalleryMovieMaker.exe =>.Microsoft Corporation
O4 – GSProgram [Public]: Photo Gallery.lnk . (.Microsoft Corporation – Photo Gallery.) — C:Program Files (x86)Windows LivePhoto GalleryWLXPhotoGallery.exe =>.Microsoft Corporation
O4 – GSProgram [Public]: Windows Store.lnk . (…) — C:WINDOWSWinStoreWinStore.htm
O4 – GSAccessories [Public]: Calculator.lnk . (.Microsoft Corporation – Calculatrice de Windows.) — C:WINDOWSsystem32calc.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Math Input Panel.lnk . (…) — C:Program Files (x86)Common FilesMicrosoft SharedInkmip.exe (.not file.)
O4 – GSAccessories [Public]: Paint.lnk . (.Microsoft Corporation – Paint.) — C:WINDOWSsystem32mspaint.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation – Connexion Bureau à distance.) — C:WINDOWSsystem32mstsc.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation – Outil Capture d’écran.) — C:WINDOWSsystem32SnippingTool.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation – Magnétophone Windows.) — C:WINDOWSsystem32SoundRecorder.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation – Enregistreur d’actions.) — C:WINDOWSsystem32psr.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation – Pense-bête.) — C:WINDOWSsystem32StikyNot.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation – Microsoft Windows Fax and Scan.) — C:WINDOWSsystem32WFS.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program Files (x86)Windows Media Playerwmplayer.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: Wordpad.lnk . (.Microsoft Corporation – Application Windows Wordpad.) — C:Program Files (x86)Windows NTAccessorieswordpad.exe =>.Microsoft Corporation
O4 – GSAccessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation – Visionneuse XPS.) — C:WINDOWSsystem32xpsrchvw.exe =>.Microsoft Corporation
O4 – GSSystemTools [Public]: Character Map.lnk . (.Microsoft Corporation – Table des caractères.) — C:WINDOWSsystem32charmap.exe =>.Microsoft Corporation
O4 – GSQuickLaunch [alexandra]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [alexandra]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSTaskBar [alexandra]: File Explorer.lnk . (…) — C:UsersalexandraAppDataRoamingMicrosoftWindowsLibraries
O4 – GSTaskBar [alexandra]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSTaskBar [alexandra]: User Guide.lnk . (.Samsung Electronics CO,. LTD. – Runmanual.) — C:Program Files (x86)SamsungUser GuideRunManual.exe
O4 – GSProgram [alexandra]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSAccessories [alexandra]: Notepad.lnk . (.Microsoft Corporation – Bloc-notes.) — C:WINDOWSsystem32notepad.exe =>.Microsoft Corporation
O4 – GSDesktop [alexandra]: Chromecast.lnk . (.Google – ChromecastApp.) — C:UsersalexandraAppDataLocalGoogleChromecastChromecastApp.exe
O4 – GSDesktop [alexandra]: UsbFix.lnk . (…) — C:UsbFixUsbFix.exe
O4 – GSDesktop [alexandra]: ZHPDiag.lnk . (.Nicolas Coolman – ZHPDiag Setup.) — C:Program Files (x86)ZHPDiagZHPhep.exe =>.Nicolas Coolman
O4 – GSDesktop [alexandra]: ZHPFix.lnk . (.Nicolas Coolman – ZHPDiag Setup.) — C:Program Files (x86)ZHPDiagZHPFixZHPhep.exe =>.Nicolas Coolman
~ Global Startup: 36 Scanned in 00mn 00s

—\ Applications lancées au démarrage du système (O4)
O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
O4 – HKLM..Run: [RtHDVBg_SRSSA] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:windowssystem32igfxpers.exe
O4 – HKLM..Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. – Bluetooth Shell Extension.) — C:Program Files (x86)IntelBluetoothbtmshellex.dll
O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersalexandraAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [Intel AppUp(SM) center] . (.Intel Corporation – Intel Services Manager.) — C:Program Files (x86)IntelIntelAppStorebinismagent.exe
O4 – HKLM..Wow6432NodeRun: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1696205027-49635444-304707573-1001..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersalexandraAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s

—\ Invisibilité de l’icône d’options IE dans le panneau de Configuration (O5)
O5 – control.ini: [HKLM..Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Se&nd to OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~1Office14ONBttnIE.dll (.not file.)
O9 – Extra button: OneNote Lin&ked Notes [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~1Office14ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Winsock hijacker (Layered Service Provider) (O10)
O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:WINDOWSsystem32napinsp.dll
O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:WINDOWSsystem32pnrpnsp.dll
O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:WINDOWSsystem32pnrpnsp.dll
O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:WINDOWSsystem32NLAapi.dll
O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:WINDOWSsystem32mswsock.dll =>.Microsoft Corporation
O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:WINDOWSsystem32winrnr.dll
O10 – WLSP:00000000007Winsock LSP File . (.Microsoft Corporation – Windows Sockets Helper DLL.) — C:WINDOWSsystem32wshbth.dll
~ Winsock: 7 Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{7B90A9AC-62DC-4863-8A7E-0ADB3D18301C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{7B90A9AC-62DC-4863-8A7E-0ADB3D18301C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated – Adobe Photoshop Elements 11.0 (component).) – C:Program Files (x86)AdobeElements 11 OrganizerPhotoshopElementsFileAgent.exe =>.Adobe Systems Incorporated
O23 – Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 – Service: (AMD External Events Utility) . (.AMD – AMD External Events Service Module.) – C:WindowsSystem32atiesrxx.exe
O23 – Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) . (.Intel Corporation – Intel® Centrino® Wireless Bluetooth® + High.) – C:Program FilesIntelBluetoothHSBTHSAmpPalService.exe
O23 – Service: Bluetooth Device Monitor (Bluetooth Device Monitor) . (.Motorola Solutions, Inc. – Bluetooth Device Monitor.) – C:Program Files (x86)IntelBluetoothdevmonsrv.exe

O61 – LFC: 17/04/2014 – 14:38:01 —A- . (…) — C:UsersalexandraAppDataRoamingSASEnhancedEditorEnregistrement automatique de memoire2_{9FEB7D3B-78F2-4083-A0CB-7ABD597F337
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 28/08/2013 3378416 | (ZeroConfigService) . (.Intel® Corporation.) – C:Program FilesIntelWiFibinZeroConfigService.exe

~ Services: Scanned in 00mn 17s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by alexandra at 17/04/2014 14:40:04
~ OS 64 not supported by MBR tool

~ MBR: 0 Scanned in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by alexandra at 17/04/2014 14:40:06

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13044 – (16/04/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2

[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPlants vs. Zombies] =>Adware.PopCap^
[HKLMSoftwareWow6432NodeClassesInterface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLMSoftwareClassesAppIDesrv.EXE] =>PUP.Babylon
[HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLMSoftwareWow6432Node{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLMSoftwareClassesAppIDescorTlbr.DLL] =>PUP.Funmoods
[HKLMSoftwareWow6432NodeClassesAppIDescorTlbr.DLL] =>PUP.Funmoods
C:Program Files (x86)PopCap Games =>Adware.PopCap^
C:ProgramDataPopCap Games =>Adware.PopCap^
[HKCUSoftwarePopCap] =>Adware.PopCap^
[HKLMSoftwareWow6432NodePopCap] =>Adware.PopCap^
~ Additionnel Scan: 341072 Items scanned in 00mn 42s

—\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s

End of the scan (1840 lines in 03mn 59s)(0)

Is it sick? :)