Reply to: Slow computer 2016-09-08T13:35:47+00:00
pomm_94

Latest report, thanks.

[spoiler:srb100rr]{~ Rapport de ZHPDiag v2014.4.21.36 – Nicolas Coolman (21/04/2014)
~ Lancé par constance (22/04/2014 00:18:56)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659
GCIE: Google Chrome v34.0.1847.116 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : KD4D6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

—\ Logiciels d'optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader X MUI

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3981 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 105 GB (56%) free of 186 GB

—\ Mode de connexion au système
~ Computer Name: POM
~ User Name: constance
~ All Users Names: HomeGroupUser$, constance, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:UsersconstanceAppDataRoamingZHP
~ %AppData% : C:UsersconstanceAppDataRoaming
~ %Desktop% : C:UsersconstanceDesktop
~ %Favorites% : C:UsersconstanceFavorites
~ %LocalAppData% : C:UsersconstanceAppDataLocal
~ %StartMenu% : C:UsersconstanceAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 105 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] – (.Microsoft Corporation – Explorateur Windows.) (.14/11/2013 – 08:37:16.) — C:WindowsExplorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:WindowsSystem32Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.01/03/2014 – 04:10:28.) — C:WindowsSystem32wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.22/08/2013 – 10:55:08.) — C:WindowsSystem32Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/12/2013 – 09:54:07.) — C:WindowsSystem32sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32DriversAFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:Windowssystem32Driversatapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:Windowssystem32DriversCdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:Windowssystem32DriversCdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.22/08/2013 – 12:38:00.) — C:Windowssystem32DriversDfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.22/08/2013 – 12:38:38.) — C:Windowssystem32DriversHDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:Windowssystem32Driversi8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] – (.Microsoft Corporation – IP Network Address Translator.) (.27/11/2013 – 13:02:29.) — C:Windowssystem32DriversIpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.23/11/2013 – 08:08:19.) — C:Windowssystem32DriversMRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:Windowssystem32DriversnetBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.10/03/2014 – 11:35:58.) — C:Windowssystem32Driversntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:Windowssystem32DriversParport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:Windowssystem32DriversRasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 – 08:16:40.) — C:Windowssystem32Driversrdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32Driverstdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.31/01/2014 – 17:15:23.) — C:Windowssystem32Driversvolsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 06s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4334
~ Mes musiques (My Musics) : 2/30
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 6/30
~ Mon Bureau (My Desktop) : 2/226
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 21s

—\ Processus lancés
[MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6963512] [PID.2596]
[MD5.C570FD825751F7805CE226F68C4605DE] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [54488] [PID.1392]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1124032] [PID.2884]
[MD5.C81E206D2DDBD18396506C2978F2C6BA] – (…) — C:Program Files (x86)ASUSSplendidColorUService.exe [171224] [PID.2932]
[MD5.25A7E7174C622D3B8D0D2681EE87E4FA] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20792] [PID.3564]
[MD5.2F03C763EE0DFB4DE56176737DEFB2E2] – (.Microsoft Corporation – Touch Keyboard and Handwriting Panel Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe [21184] [PID.3204]
[MD5.DB0C938BC311B31CF90C13821AE682B3] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe [1559936] [PID.3232]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [841032] [PID.2196]
[MD5.B9562F200149C64CC53D47F969CEA6C3] – (.Microsoft Corporation – Hôte Microsoft WWA.) — C:WINDOWSsyswow64wwahost.exe [518656] [PID.1316]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [205184] [PID.5292]
[MD5.2D32F0EF950AED6AD007D042676FD39E] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [328064] [PID.5396]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] – (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe [59720] [PID.4592]
[MD5.799BCC829F48F19C5689478179060435] – (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe [59720] [PID.5308]
[MD5.343E19B2F141B65FA1723385C664F861] – (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifyspotify.exe [6087224] [PID.5972]
[MD5.F6041A72058ADD22166C31B5FD5E919C] – (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe [1171000] [PID.3260]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe [228552] [PID.5728]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [932288] [PID.6176]
[MD5.47833576F0BEE0AD7B45109982B769BD] – (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleInternet ServicesAPSDaemon.exe [59720] [PID.6896]
[MD5.2362B857693DA580E04ECE28F7D67E7E] – (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPaprp.exe [3187360] [PID.6356]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] – (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe [689744] [PID.3252]
[MD5.BAF535F843A3E790E04A7613811B55BC] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.7124]
[MD5.6368A4CF33B29665A504ABC2EA4D8385] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7938048] [PID.6912]
[MD5.5777523CDDD178ECFE1BBDB7A3F2D6CF] – (…) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyHelper.exe [602680] [PID.6776]
~ Processes Running: Scanned in 00mn 02s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultPreferences
G0 – GCSP: Preference [User DataDefault][HomePage] http://start.mysearchdial.com =>Adware.MyWebSearch
G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 – GCE: Preference [User DataDefault] [gphjehcgndcjccmghmjmeeabfecdiilm] 1ClickMovie-Download V9.0 v.1.26.39, (Activé)
G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 – GCE: Preference [User DataDefault] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart

—\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 21s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSDesktop [Public]: Waves MAXXAudio.lnk . (…) — C:Program Files (x86)RealtekAudioHDAMaxxAudioControl64.exe (.not file.)
O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
O4 – GSQuickLaunch [constance]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [constance]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSTaskBar [constance]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSTaskBar [constance]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [constance]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Global Startup: 48 Legitimates Filtered in 00mn 05s

—\ Applications lancées au démarrage du système (O4)
O4 – GSStartup [constance]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe =>.Microsoft Corporation
O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
O4 – HKCU..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
O4 – HKCU..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersconstanceAppDataLocalFacebookUpdateFacebookUpdate.exe
O4 – HKCU..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifySpotify.exe
O4 – HKCU..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKCU..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPAPRP.exe
O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe
O4 – HKLM..Wow6432NodeRun: [mcui_exe] C:Program FilesMcAfee.comAgentmcagent.exe (.not file.)
O4 – HKLM..Wow6432NodeRun: [avgnt] . (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersconstanceAppDataLocalFacebookUpdateFacebookUpdate.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifySpotify.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~2Office14ONBttnIE.dll (.not file.)
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~2Office14ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 – HKLMSystemCCSServicesTcpip..{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
O17 – HKLMSystemCCSServicesTcpip..{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
O17 – HKLMSystemCS1ServicesTcpip..{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 – HKLMSystemCS1ServicesTcpip..{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
O17 – HKLMSystemCS1ServicesTcpip..{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1] (…) — C:Program Files (x86)1ClickMovie-Download V9.01ClickMovie-Download V9.0-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.exe (.not file.) [0]
[MD5.C81E206D2DDBD18396506C2978F2C6BA] [APT] [ASUS Splendid ColorU] (…) — C:Program Files (x86)ASUSSplendidColorUService.exe [171224]
O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job [1444] =>PUP.CrossRider
O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job [1388] =>PUP.CrossRider
O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job [3162] =>PUP.CrossRider
O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job [2292] =>PUP.CrossRider
O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job [1496] =>PUP.CrossRider
~ Scheduled Task: 34 Legitimates Filtered in 00mn 23s

—\ Logiciels installés (O42)
O42 – Logiciel: Price Meter (remove only) – (.Price Meter.) [HKCU][64Bits] — Price Meter =>PUP.PriceMeter
O42 – Logiciel: SupraSavings – (.SupraSavings.) [HKLM][64Bits] — {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
~ Logic: 27 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftwarePriceMeter] =>PUP.PriceMeter
~ Key Software: 177 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 15/01/2014 – 21:00:19 – [] —-D C:Program Files (x86)PC Cleaner =>USP.PCCleaner
O43 – CFD: 09/04/2014 – 22:31:00 – [] —-D C:UsersconstanceAppDataRoamingMicrosoftWindowsStart MenuPrograms1clickmoviedownloader.com =>PUP.SoftwareEngine
~ Program Folder: 116 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.0DE593914F0268FB2B4DE7B9C7B33057] – 09/04/2014 – 21:38:58 —A- . (.SecureAssist – WFP driver.) — C:WindowsSystem32DriversSAWFP64.sys [41768] =>PUP.SupraSavings
~ Files: 21 Legitimates Filtered in 02mn 09s

—\ Derniers fichiers malwares créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.28F803FEE76BE09943D57D45DC4335D6] – 19/04/2014 – 09:48:49 —A- – C:WindowsPrefetchMYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
O45 – LFCP:[MD5.B56528312CA1ACFCC0496CEE2B292A81] – 21/04/2014 – 14:19:07 —A- – C:WindowsPrefetchPRICEMETER.EXE-E642B963.pf =>PUP.PriceMeter
O45 – LFCP:[MD5.9AAAD0A827E0D43BCE970FEF441EC27A] – 21/04/2014 – 22:01:43 —A- – C:WindowsPrefetchPRICEMETERLIVEUPDATE.EXE-78B4F584.pf =>PUP.PriceMeter
O45 – LFCP:[MD5.15DE84CAB22DED3F013C6EAD20A9E693] – 12/04/2014 – 22:45:08 —A- – C:WindowsPrefetchPRICEMETERLIVEUPDATEHANDLER.E-4B6DF71D.pf =>PUP.PriceMeter
O45 – LFCP:[MD5.6CC6FB4883D7EF6BF6BB1B761756EAC6] – 11/04/2014 – 00:37:34 —A- – C:WindowsPrefetchPRICEMETERW.EXE-C650C11E.pf =>PUP.PriceMeter
O45 – LFCP:[MD5.DA843415EC06A00EA1F93FBAB8104693] – 12/04/2014 – 10:49:28 —A- – C:WindowsPrefetchSUPTAB.EXE-948D75A7.pf =>PUP.SupTab
~ Prefetcher: 6 Legitimates Filtered in 00mn 03s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:WindowsSystem32Driversbcmfn2.sys [17624]
O58 – SDL:02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
O58 – SDL:18/03/2014 – 14:12:04 —A- . (.SecureAssist – WFP driver.) — C:WindowsSystem32DriversSAWFP64.sys [41768] =>PUP.SupraSavings
O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
O58 – SDL:13/12/2012 – 14:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 04s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 19/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadstableau budget trésorerie .xlsx [10457]
O61 – LFC: 21/04/2014 – 00:24:02 —A- . (…) — C:UsersconstanceAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [306100]
O61 – LFC: 21/04/2014 – 00:24:09 —A- . (…) — C:UsersconstanceAppDataLocalGoogleChromeUser DataLocal State [69079]
O61 – LFC: 21/04/2014 – 00:28:09 —A- . (…) — C:UsersconstanceAppDataRoamingsp_data.sys [62]
O61 – LFC: 21/04/2014 – 00:28:12 —A- . (…) — C:UsersconstanceDownloads1339148784-50708.pdf [1197975]
O61 – LFC: 21/04/2014 – 00:28:13 —A- . (…) — C:UsersconstanceDownloadsadwcleaner.exe [1324843]
O61 – LFC: 21/04/2014 – 00:28:14 —A- . (…) — C:UsersconstanceDownloadsAIDE_MEMOIRE_EXCEL_2007_s1A_5.pdf [860630]
O61 – LFC: 21/04/2014 – 00:28:16 —A- . (…) — C:UsersconstanceDownloadsLe cartel_des_palaces_parisiens (1).pdf [211822]
O61 – LFC: 21/04/2014 – 00:28:16 —A- . (…) — C:UsersconstanceDownloadsLe cartel_des_palaces_parisiens.pdf [211822]
O61 – LFC: 21/04/2014 – 00:28:17 —A- . (…) — C:UsersconstanceDownloadslivreblanc4.pdf [2857577]
O61 – LFC: 21/04/2014 – 00:28:17 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (1).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:17 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (10).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (11).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (12).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (13).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (14).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (15).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (16).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (17).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (18).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (19).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (2).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (20).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (21).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (3).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (4).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (5).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (6).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (7).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (8).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (9).doc [78336]
O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04.doc [78336]
O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 1 – PRESENTATION DE LA NOTION DE CONTRAT.docx [28715]
O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 2 – LA FORMATION DU CONTRAT (1).docx [28759]
O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 2 – LA FORMATION DU CONTRAT.docx [166624]
O61 – LFC: 21/04/2014 – 00:28:26 —A- . (…) — C:UsersconstanceLinksPhotos iCloud.lnk [160]
~ Files: 74 Legitimates Filtered in 04mn 37s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
[MD5.72110F1F18C34AD782CE40ACD2644548] [SPRF][21/04/2014] (…) — C:UsersconstanceAppDataRoamingsp_data.sys [62]
~ Files: 2 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “8B501B6E56F182443979D1DFA8309BD4” . (.SupraSavings.) — c:WINDOWSInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
O90 – PUC: “BD04C21DD7DC68D42958E5F22E63394E” . (.SupraSavings.) — c:WINDOWSInstaller{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}icon64.ico =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][09/04/2014] (.SupraSavings – SupraSavings.) — C:WindowsInstaller3e66a6f0.msi [3162112] =>PUP.SupraSavings
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][09/04/2014] (.SupraSavings – SupraSavings.) — C:WindowsInstaller3e66a6f5.msi [4997120] =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 08s

—\ Recherche de clés de registre Tracing (O100)
HKLMSOFTWAREMicrosoftTracingBackupStack_RASAPI32 =>PUP.MyPCBackup
HKLMSOFTWAREMicrosoftTracingBackupStack_RASMANCS =>PUP.MyPCBackup
~ BTK: 24 Legitimates Filtered in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Disabled 14/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavwebg7.exe
SS – | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
SS – | Auto 04/01/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 04/01/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 14/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
SR – | Auto 14/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Auto 01/10/2012 30080 | (DptfParticipantProcessorService) . (.Intel Corporation.) – C:WindowsSystem32DptfParticipantProcessorService.exe
SR – | Auto 01/10/2012 31616 | (DptfPolicyConfigTDPService) . (.Intel Corporation.) – C:WindowsSystem32DptfPolicyConfigTDPService.exe
SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
SR – | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
SR – | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SR – | Auto 20/12/2012 45488 | (WakeupService) . (.ASUSTek Computer Inc..) – C:Program FilesASUSASUS VivoBookASUSWakeupService.exe
SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 25s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by constance at 22/04/2014 00:32:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by constance at 22/04/2014 00:32:53
********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13044 – (21/04/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 8

[HKLMSoftwareGoogleChromeExtensionspelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallPrice Meter] =>PUP.PriceMeter^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionspelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:Program Files (x86)PC Cleaner =>USP.PCCleaner^
C:UsersconstanceAppDataRoamingMicrosoftWindowsStart MenuPrograms1clickmoviedownloader.com =>PUP.SoftwareEngine^
C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job =>PUP.CrossRider^
C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job =>PUP.CrossRider^
C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job =>PUP.CrossRider^
C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job =>PUP.CrossRider^
C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job =>PUP.CrossRider^
[HKCUSoftwarePriceMeter] =>PUP.PriceMeter^
C:WindowsInstaller3e66a6f0.msi =>PUP.SupraSavings^
C:WindowsInstaller3e66a6f5.msi =>PUP.SupraSavings^
~ Additionnel Scan: 252458 Items scanned in 00mn 57s

—\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/41981105-pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ MSI: 9 link(s) detected in 00mn 00s

~ 876 Legitimates filtered by white list
End of the scan (514 lines in 14mn 57s)(0)}[/spoiler:srb100rr]