Reply to: USB key files turned into shortcuts 2016-09-08T13:42:28+00:00
marinezer

Here is the ZHPDiag report; I hope I didn't make a mistake in the steps:

~ Rapport de ZHPDiag v2014.5.23.72 – Nicolas Coolman (23/05/2014)
~ Lancé par marine (23/05/2014 14:36:20)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Désactivée par l’utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19088
GCIE: Google Chrome v34.0.1847.137 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Windows Operating System – Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8QXTR
Windows License : OK
Windows Automatic Updates : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013

—\ Logiciels d’optimisation du système
CCleaner v3.22

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.5 – Français

—\ Informations sur le système
~ Processor: x86 Family 15 Model 124 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1789 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 15 GB (10%) free of 136 GB

—\ Mode de connexion au système
~ Computer Name: PC-DE-MARINE
~ User Name: marine
~ All Users Names: marine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersmarineAppDataRoamingZHP
~ %AppData% : C:UsersmarineAppDataRoaming
~ %Desktop% : C:UsersmarineDesktop
~ %Favorites% : C:UsersmarineFavorites
~ %LocalAppData% : C:UsersmarineAppDataLocal
~ %StartMenu% : C:UsersmarineAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 136 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
[HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowHelp: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyComputer: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyDocs: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyMusic: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyPics: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowPrinters: Modified
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowSetProgramAccessAndDefaults: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowControlPanel: OK
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowNetConn: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
[HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows] Load: OK
[HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : OK
~ Security Center: 47 Scanned in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] – (.Microsoft Corporation – Explorateur Windows.) (.29/10/2008 – 07:29:41.) — C:WindowsExplorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:33:13.) — C:WindowsSystem32Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.28/05/2011 – 07:08:58.) — C:WindowsSystem32wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/01/2008 – 03:34:38.) — C:WindowsSystem32Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:16:42.) — C:Windowssystem32DriversAFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.21/01/2008 – 03:32:21.) — C:Windowssystem32Driversatapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:33:23.) — C:Windowssystem32DriversCdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/01/2008 – 03:32:23.) — C:Windowssystem32DriversCdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:24:14.) — C:Windowssystem32DriversDfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/01/2008 – 03:32:47.) — C:Windowssystem32DriversHDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:32:45.) — C:Windowssystem32Driversi8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:34:06.) — C:Windowssystem32DriversIpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 13:49:35.) — C:Windowssystem32DriversMRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] – (.Microsoft Corporation – MBT Transport driver.) (.21/01/2008 – 03:34:49.) — C:Windowssystem32DriversnetBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.21/01/2008 – 03:33:23.) — C:Windowssystem32Driversntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:34:44.) — C:Windowssystem32DriversRasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:32:22.) — C:Windowssystem32Driversrdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] – (.Microsoft Corporation – SMB Transport driver.) (.21/01/2008 – 03:34:49.) — C:Windowssystem32Driverssmb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] – (.Microsoft Corporation – TDI Translation Driver.) (.21/01/2008 – 03:34:42.) — C:Windowssystem32Driverstdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/01/2008 – 03:32:47.) — C:Windowssystem32Driversvolsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1632
~ Mes musiques (My Musics) : 1/5292
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 2/395
~ Mon Bureau (My Desktop) : 12/1094
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 04s

—\ Processus lancés
[MD5.CC42F104172B4A62793083D380867317] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1660]
[MD5.FA18468460906465C6A181904F5B706B] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3774312] [PID.2096]
[MD5.31C68B3012C6E94DAC381B31E3A4F0D5] – (…) — C:UsbFixUsbFix.exe [1662976] [PID.3304]
[MD5.DCF3E3EDF5109EE8BC02FE6E1F045795] – (.Microsoft Corporation – wpffontcache_v0400.exe.) — C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [753504] [PID.3368]
[MD5.A1545B731579895D8CC44FC0481C1192] – (.Microsoft Corporation – Service de la passerelle de la couche Appli.) — C:WindowsSystem32alg.exe [59392] [PID.5016]
[MD5.0BA91E1358AD25236863039BB2609A2E] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [2623488] [PID.192]
[MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.4816]
[MD5.345B1798395CEA9C178AFF1784FA2A37] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [841032] [PID.308]
[MD5.2BE28172DB7CB4C3AB8AC061D5420316] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7877120] [PID.2444]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] – (.Microsoft Corporation – Console IME.) — C:Windowssystem32conime.exe [69120] [PID.5116]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultPreferences
G1 – GCS: Preference [User DataDefault] None
G0 – GCSP: Preference [User DataDefault][HomePage] http://www.delta-search.com =>Toolbar.DeltaSearch
G2 – GCE: Preference [User DataDefault] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] GoogleDrive v.6.3 (Activé)
G2 – GCE: Preference [User DataDefault] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
G2 – GCE: Preference [User DataDefault] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
G2 – GCE: Preference [User DataDefault] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [hakpajgggjjcjmidfbnnncnbaihjneaj] 01NET.com Main v.10.15.0.62, (Désactivé)
G2 – GCE: Preference [User DataDefault] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.8.0.1483, (Désactivé)
G2 – GCE: Preference [User DataDefault] [janmfndmohbaaoocpcgfbghioojoakjg] plugin v.0.2 (Désactivé)
G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
G2 – GCE: Preference [User DataDefault] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 – GCE: Preference [User DataDefault] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

—\ Liste des dossiers d’extension Google Chrome
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [GoogleDrive]
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [Recherche Google]
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsjanmfndmohbaaoocpcgfbghioojoakjg [plugin]
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp [Bubble Dock] =>PUP.BubbleDock
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 – EXT: C:UsersmarineAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [Gmail]
~ Google Lines Browser: 27 Scanned in 00mn 35s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultprefs.js
C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultuser.js
M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsbabylon.xml =>PUP.Babylon
M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsconduit.xml
M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsdelta.xml =>Toolbar.DeltaSearch
M3 – MFPP: Plugins – [marine] — C:UsersmarineAppDataRoamingMozillaFirefoxProfilesdwt984hb.defaultsearchpluginsfissa.xml =>PUP.OfferBox
M2 – MFEP: prefs.js [marine – dwt984hb.default{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (..)
M2 – MFEP: prefs.js [marine – dwt984hb.default{f531b93a-b50b-4ff1-8288-404c881ac4da}] [] 01NET.com Main v10.15.0.62 (..)
P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:Windowssystem32MacromedFlashNPSWF32_13_0_0_214.dll
P2 – FPN: [HKLM] [@adobe.com/ShockwavePlayer] – (.Adobe Systems, Inc. – Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) — C:Windowssystem32AdobeDirectornp32dsw.dll
P2 – FPN: [HKLM] [@canon.com/EPPEX] – (.CANON INC. – CANON iMAGE GATEWAY Album Plugin Utility Module for IJ.) — C:Program FilesCanonMy Image GardenAddOnCIGnpmigfpi.dll
P2 – FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] – (.Oracle Corporation – NPRuntime Script Plug-in Library for Java(TM) Deploy.) — C:Windowssystem32npDeployJava1.dll
P2 – FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] – (. Microsoft Corporation – 5.1.30214.0.) — c:Program FilesMicrosoft Silverlight5.1.30214.0npctrl.dll
P2 – FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] – (.Microsoft Corporation – NPWLPG.) — C:Program FilesWindows LivePhoto GalleryNPWLPG.dll
P2 – FPN: [HKLM] [@microsoft.com/WPF,version=3.5] – (.Microsoft Corporation – Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) — c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=3] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=9] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
P2 – FPN: [HKLM] [Adobe Reader] – (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape “9.5.5”.) — C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll
~ Firefox Browser: 16 Scanned in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.emachines.com
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.emachines.com
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://start.facemoods.com =>Adware.Facemoods
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape “9.5.5”.) (No version) — (.not file.)
~ IE Browser: 16 Scanned in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Browser Helper Objects de navigateur (O2)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated – Adobe PDF Helper for Internet Explorer.) — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 – BHO: Bubble Dock SurfMatch – {23AF19F7-1D5B-442c-B14C-3D1081953C94} . (.Nosibay – Bubble Dock.) — C:Program FilesNosibayBubble DockextensionsaxSurfMatch.dll =>PUP.BubbleDock
O2 – BHO: Canon Easy-WebPrint EX BHO – {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} . (.CANON INC. – Easy-WebPrint EX.) — C:Program FilesCanonEasy-WebPrint EXewpexbho.dll
O2 – BHO: avast! Online Security – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O2 – BHO: Programme d’aide de l’Assistant de connexion Windows Live – {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation – WindowsLiveLogin.dll.) — C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 – BHO: OfferBox – {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited – OfferBox.) — C:Program FilesOfferBoxOfferBoxBHO.dll =>PUP.OfferBox
~ BHO: 12 Scanned in 00mn 00s

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Canon Easy-WebPrint EX – [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. – Easy-WebPrint EX.) — C:Program FilesCanonEasy-WebPrint EXewpexhlp.dll
O3 – Toolbar: avast! Online Security – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [Public]: Navigateur OfferBox.lnk . (…) — C:Program FilesOfferBoxOfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
O4 – GSDesktop [marine]: UsbFix Faire un Don.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.usbfix.net
~ Global Startup: 2 Scanned in 00mn 02s

—\ Applications lancées au démarrage du système (O4)
O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [CanonQuickMenu] . (.CANON INC. – Canon Quick Menu.) — C:Program FilesCanonQuick MenuCNQMMAIN.exe
O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-21-179234166-31584988-549877916-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office12ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Winsock hijacker (Layered Service Provider) (O10)
O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:Windowssystem32NLAapi.dll
O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:Windowssystem32napinsp.dll
O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:Windowssystem32mswsock.dll =>.Microsoft Corporation
O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:Windowssystem32winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{A0BC4DBD-58A7-4130-A090-C545E1346EC4}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS1ServicesTcpip..{A0BC4DBD-58A7-4130-A090-C545E1346EC4}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll =>.Microsoft Corporation
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation – Contrôleur de site Web.) — C:WindowsSystem32webcheck.dll
~ SSODL: 1 Scanned in 00mn 00s

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
~ STS/SSO: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (Ati External Event Utility) . (.ATI Technologies Inc. – ATI External Event Utility EXE Module.) – C:WindowsSystem32Ati2evxx.exe
O23 – Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software – avast! Service.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
O23 – Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated – ePowerSvc.) – C:Program FileseMachineseMachines Power ManagementePowerSvc.exe
O23 – Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. – Programme d’installation de Google.) – C:Program FilesGoogleUpdateGoogleUpdate.exe =>.Google Inc
O23 – Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Pas de propriétaire – Inkjet Printer/Scanner/Fax Extended Survey.) – C:Program FilesCanonIJPLMIJPLMSVC.exe
O23 – Service: IviRegMgr (IviRegMgr) . (.InterVideo – RegMgr Module.) – C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 – Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) . (.NewTech Infosystems, Inc. – NTI Backup Now 5 SchedulerSvc NT Service.) – C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
~ Services: 7 Scanned in 00mn 07s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Default MHTML Editor: Last – .(…) – (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s

—\ Enumère les données de BootExecute (BEX) (O34)
O34 – HKLM BootExecute: (autocheck autochk *) – File not found
~ BEX: 1 Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.09E7C37DF4A911C8A9AA8BF88ACD10AA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) — C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [257712]
[MD5.F82F374417148CF545221DD88876219F] [APT] [avast! Emergency Update] (.AVAST Software.) — C:Program FilesAVAST SoftwareAvastAvastEmUpdate.exe [783728]
[MD5.45C26D4AF94C4D2335B5960F1D9BCC7D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) — C:Program FilesCCleanerCCleaner.exe [3113312]
[MD5.00000000000000000000000000000000] [APT] [DealPly] (…) — C:UsersmarineAppDataRoamingDealPlyUPDATE~1UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] [APT] [Programme de mise … jour en ligne de Adobe] (.Adobe Systems Incorporated.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [958576]
[MD5.00000000000000000000000000000000] [APT] [{0388B60A-FD86-4965-A6D8-BD603D98D97B}] (…) — D:SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C23350A9-5CC7-49E0-9A25-1FFAFBB1F117}] (…) — C:UsersmarineDownloadsavira_antivirus_personal_fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E54B1257-89D9-41FF-9112-D93E87C7F150}] (…) — D:setup.exe (.not file.) [0]
[MD5.6F271837B6819CFD49EB242D3799993C] [APT] [Burn Notification] (…) — C:Program FileseMachineseMachines Recovery ManagementNotificationCenterNotification.exe [667648]
O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsTasksAdobe Flash Player Updater.job [1002]
O39 – APT: Adobe Flash Player Updater – (.Adobe Systems Incorporated.) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineCore.job [1052]
O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1052]
O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineUA.job [1056]
O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 17 Scanned in 00mn 04s