Plus de téléchargement ni d'ouverture de fichiers

je n'arrive pas a coller mon imprime écran

RogueKiller.exeLe logiciel antivirus a rencontré une erreur inattendue pendant l'analyse de ce fichier.
https://www.luanagames.com/index.fr.html
Retirer de la liste

pour l'instant pas moyen grrrrrrrrrrrrrrr mais j'ai eu un avertissement avec un triangle jaune , j'ai fait l'analyse de CHKDSK comme demandé voila un imprime écran

je n'arrive pas a coller l'imprim écran

RogueKiller V8.8.0 [Dec 27 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : jean-luc [Droits d'admin]
Mode : Suppression -- Date : 12/29/2013 15:28:43
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iTunesHelper (wscript.exe //B "C:\Users\jean-luc\AppData\Local\Temp\iTunesHelper.vbe" [x][-]) -> SUPPRIMÉ
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3566145648-2520767218-88932657-1000\$ff24043d55f85ce9a20a8337d9b4b888\n. [x]) -> REMPLACÉ (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] DealPly : C:\Users\jean-luc\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ

¤¤¤ Driver : [NON CHARGE 0xc0000033] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEVT-60ZCT0 ATA Device +++++
--- User ---
[MBR] 07d1be7a6d9b44bb79ca6527ebca9d42
[BSP] d63927188c2961296443857196271017 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143641 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294178816 | Size: 8982 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic STORAGE DEVICE USB Device +++++
--- User ---
[MBR] c31b4a86132e17ef551ed84979cfe846
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7456 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_D_12292013_152843.txt >>
RKreport[0]_S_12292013_152610.txt

ca y est j'ai passé ./ ça a duré je ne sais pas combien de temps je l'ai lancé a 17h00 hier soir et ce



matin a 6h00 ce n'n'était pas finit je viens de rentré , et mon écran et redevenu sur le bureau , il y a des changement dans mes icônes (raccourcis) et 3 icônes de security-helpzone.com en plus dont un pour installer , voilà un ÉNORME MERCI MERCI tout remarche a merveille je peux lire mes pièces jointes je peux télécharger , et il a l'air d'aller plus vite a met demande . encore 1000000 merci tu es génial passe un bon réveillon lilidurhone
bonne fin d'année , et merci pour tout

Nom Taille Date de modification de
[Repertoire parent]
HKEY_CLASSES_ROOT_CLSID_ {5839fca9-774d-42a1-acda-d6a79037f57f} _InprocServer32_0.reg 390 B 29/12/13 15:28:42
HKEY_CLASSES_ROOT_CLSID_ {fbeb8a05-beee-4442-804e-409d6c4515e9} _InprocServer32_0.reg 462 B 29/12/13 15:28:42
HKEY_CURRENT_USER_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_ClassicStartMenu_{645FF040-0.reg 412 B 29/12/13 15:28:42
HKEY_CURRENT_USER_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{645FF040-0.reg 406 B 29/12/13 15:28:42
HKEY_CURRENT_USER_Software_Microsoft_Windows_CurrentVersion_Run_iTunesHelp0.reg 416 B 29/12/13 15:28:42
HKEY_LOCAL_MACHINE_SOFTWARE_Classes_CLSID_{5839fca9-774d-42a1-acda-d6a79037f57f}_InprocServer32_0.reg 426 B 29/12/13 15:28:42
HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{20D04FE0-0.reg 408 B 29/12/13 15:28:42
HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{59031a47-0.reg 408 B 29/12/13 15:28:42
PhysicalDrive0_User.dat 512 B 29/12/13 15:26:10
PhysicalDrive1_User.dat 512 B 29/12/13 15:26:10
QuarantineReport.txt
celui la vient de roguekiller je ne l'avait pas vue , lol

~ Rapport de ZHPDiag v2013.12.29.26 - Nicolas Coolman (29/12/2013)
~ Lancé par jean-luc (30/12/2013 21:56:17)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19489
GCIE: Google Chrome v31.0.1650.63 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware version 1.61.0.1400

---\\ Logiciels d'optimisation du système
CCleaner v3.17 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (29%) free of 140 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-JEAN-LUC
~ User Name: jean-luc
~ All Users Names: jean-luc, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-luc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-luc\AppData\Roaming\
~ %Desktop% : C:\Users\jean-luc\Desktop\
~ %Favorites% : C:\Users\jean-luc\Favorites\
~ %LocalAppData% : C:\Users\jean-luc\AppData\Local\
~ %StartMenu% : C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 140 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.D40C56B9338EA2C3B3891A6FCE5E51F7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 09:25:06.) -- C:\Windows\System32\wininet.dll [916992]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 03s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2124
~ Mes musiques (My Musics) : 17/2155
~ Mes Favoris (My Favorites) : 1/213
~ Mes Documents (My Documents) : 1/3395
~ Mon Bureau (My Desktop) : 1/46588
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 59s



---\\ Processus lancés
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.2248]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.2280]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4241512] [PID.2316]
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.2664]
[MD5.16DCC8ACC504A6662BB04A0ED9454A4D] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe [959808] [PID.3372]
[MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe [92024] [PID.2884]
[MD5.7C3B0A6F3AA799F0480B597F6D1990C8] - (.Conduit - Setup.exe.) -- C:\Users\jean-luc\Downloads\Setup_TSV2RWAC.exe [1079824] [PID.4140] =>Toolbar.Conduit
[MD5.2230A585FD7F4D7A3E7F6E7975C2B6BC] - (...) -- C:\Users\jean-luc\AppData\Local\Temp\nss701E.tmp\ProxyInstallerDir\ProxyInstaller.exe [78096] [PID.4372]
[MD5.02C64A253F1EE84663510A7FC93F5B93] - (.Updater - Updater service.) -- C:\ProgramData\Updater\Updater.exe [486264] [PID.5868] =>Adware.IncrediBar
[MD5.25605EC5F30D29AC217236B0CA88C28A] - (.WatchDog - Pas de description.) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe [429944] [PID.5572] =>PUP.SearchDonkey
[MD5.25605EC5F30D29AC217236B0CA88C28A] - (.WatchDog - Pas de description.) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe [429944] [PID.5272] =>PUP.SearchDonkey
[MD5.25605EC5F30D29AC217236B0CA88C28A] - (.WatchDog - Pas de description.) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe [429944] [PID.6032] =>PUP.SearchDonkey
[MD5.DE09BEC7B6F8AA3354DE5E663218B8CA] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [4180256] [PID.5388] =>Toolbar.Conduit
[MD5.0C0D9A079675E93DEE6BE74E237CC697] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [2849056] [PID.5304] =>Toolbar.Conduit
[MD5.F938E8B6A2C8CF9F3E3C27F76E113C49] - (.Nosibay - Bubble Dock.) -- C:\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe [665104] [PID.4556] =>PUP.BubbleDock
[MD5.EE6E1E59ED4C0590E6014BED7053160C] - (.Nosibay - Bubble Dock.) -- C:\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe [5154320] [PID.4556] =>PUP.BubbleDock
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.2808]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.2364]
[MD5.C0AE759423616CDB7FCB3A19E6C869B1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8304640] [PID.5856]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1260]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1396]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768] [PID.1784]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1804]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.2732]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2776]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2796]
[MD5.43DBA6069B3FA153FA68C30DE24CD341] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.2952]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.3080]
[MD5.431723F23D0E065BEF502389E8FFDC10] - (.Pas de propriétaire - STServices.) -- C:\Windows\SMINST\BLService.exe [361808] [PID.3432]
[MD5.17E0BEF5CA5C9CE52CC8082AC6EBC449] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.3492]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3568]
[MD5.CD5F291A1161F15896D1A4D63DAFF5DF] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.4020]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.1244]
[MD5.5875746AAC710D1F3101A665300E793F] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2251552] [PID.4748] =>Toolbar.Conduit
[MD5.E3EFA45E92B7F0B3DD9DDBB0B11CB24A] - (...) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448] [PID.5664]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.conduit.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G0 - GCSP: Preference [User Data\Default] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] Websteroids v.2.6.53 (Activé) =>PUP.TubeDimmer
G2 - GCE: Preference [User Data\Default] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Activé) =>PUP.SweetIM
G2 - GCE: Preference [User Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
~ Google Browser: 21 Legitimates Filtered in 00mn 21s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [jean-luc] -- C:\Program Files\Mozilla FireFox\searchplugins\kwinzy116.xml
P2 - FPN: [HKLM] [@Microsoft.com/DownloadManager,version=1.1] - (...) -- (.not file.)
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll =>Adware.MetaStream
~ Firefox Browser: 37 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Pas de propriétaire - MetaStream 3 Plugin r4.) (No version) -- (.not file.) =>Adware.MetaStream
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} . (.Pas de propriétaire - MetaStream 3 Plugin r4.) (No version) -- (.not file.) =>Adware.MetaStream
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O2 - BHO: TBSB01555 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Internet Explorer Toolbar Engine.) -- C:\Program Files\France Toolbar\tbcore3.dll
~ BHO: 30 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O3 - Toolbar: France Toolbar - [HKLM]{8FFA7469-654F-423E-84FE-6A583CB1C284} . (.Pas de propriétaire - Internet Explorer Toolbar Engine.) -- C:\Program Files\France Toolbar\tbcore3.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4B3803EA-5230-4DC3-A7FC-33638F3D3542} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\Desktop [Public]: WiseConvert.lnk . (.wiseconvert.com - Wise Convert.) -- C:\Program Files\WiseConvert\WiseConvert\wise-convert.exe =>Toolbar.Conduit
O4 - GS\Program [Public]: ASSDraw3.lnk . (.ai-chan - A tool for designing shapes to be used in A.) -- D:\Aegisub\ASSDraw3.exe
O4 - GS\Program [Public]: DVD Play.lnk . (.CyberLink Corp. - HP DVDPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Controle Parental\Controle_parental.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\Program [Public]: ViiKiiDesktopPlugin.lnk . (...) -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O4 - GS\QuickLaunch [jean-luc]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\QuickLaunch [jean-luc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [jean-luc]: Son - Raccourci.lnk - Clé orpheline
O4 - GS\Program [jean-luc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [jean-luc]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jean-luc]: Corbeille -.lnk - Clé orpheline
O4 - GS\Desktop [jean-luc]: Donate.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\Desktop [jean-luc]: g3n-h@ckm@n's tools.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\Desktop [jean-luc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jean-luc]: Launch Internet Explorer Browser - Copie.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jean-luc]: Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Solitaire.) -- C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
O4 - GS\Desktop [jean-luc]: Spider Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Spider Solitaire.) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
~ Global Startup: 72 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [Updater] . (.Updater - Updater service.) -- C:\ProgramData\Updater\Updater.exe =>Adware.IncrediBar
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKCU\..\Run: [Updater] . (.Updater - Updater service.) -- C:\ProgramData\Updater\Updater.exe =>Adware.IncrediBar
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [Updater] . (.Updater - Updater service.) -- C:\ProgramData\Updater\Updater.exe =>Adware.IncrediBar
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} ((no name)) - http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
O23 - Service: Internet Updater (InternetUpdater) . (...) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: 15 Legitimates Filtered in 00mn 38s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{C4B76F9F-28BA-4528-81A5-CC6A9FAB71EE}] (...) -- C:\Users\jean-luc\Documents\HC2Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D48EF53A-CC73-4FC1-8834-B1E8E00F553E}] (...) -- F:\AutoTransfer.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (...) [HKCU] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: FlorensiaEU 1.08.17 - (.Netts.) [HKLM] -- FlorensiaEU
O42 - Logiciel: France Toolbar - (.France Toolbar.) [HKLM] -- France Toolbar
O42 - Logiciel: Internet Updater - (.Parallel Lines Development, LLC.) [HKLM] -- InternetUpdater
O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {A0C9DF2B-89B5-4483-8983-18A68200F1B4} =>PUP.SweetIM
O42 - Logiciel: SweetPacks bundle uninstaller - (.SweetIM Technologies Ltd..) [HKLM] -- {0C43FE6B-E881-4AFC-B384-4AEBC90047E8} =>PUP.SweetIM
O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM
O42 - Logiciel: WiseConvert - (.WiseConvert.) [HKLM] -- WiseConvert =>Toolbar.Conduit
~ Logic: 52 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Freeze.com] =>Adware.Freeze
[HKCU\Software\IM]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\PCTools]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\5dfd7ddb068ea47]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Freeze.com] =>Adware.Freeze
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\IncrediMail]
[HKLM\Software\MetaStream] =>Adware.MetaStream
[HKLM\Software\PCTools]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\VBGenerator]
~ Key Software: 409 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/08/2010 - 13:43:52 - [0] ----D C:\Program Files\Babylon-English =>PUP.Babylon
O43 - CFD: 07/10/2009 - 22:43:50 - [0,513] ----D C:\Program Files\Conduit
O43 - CFD: 19/09/2009 - 19:36:27 - [0,444] ----D C:\Program Files\CREDITS
O43 - CFD: 31/05/2009 - 20:44:54 - [0] ----D C:\Program Files\Digsby
O43 - CFD: 20/11/2013 - 11:45:09 - [4,198] ----D C:\Program Files\France Toolbar
O43 - CFD: 19/09/2009 - 19:35:27 - [35,651] ----D C:\Program Files\FRONTEND
O43 - CFD: 19/09/2009 - 19:35:32 - [9,255] ----D C:\Program Files\GLOBAL
O43 - CFD: 19/09/2009 - 19:36:28 - [0,012] ----D C:\Program Files\memcard
O43 - CFD: 19/09/2009 - 19:36:25 - [29,180] ----D C:\Program Files\NIS
O43 - CFD: 19/09/2009 - 19:36:07 - [21,333] ----D C:\Program Files\SOUND
O43 - CFD: 12/11/2012 - 20:12:20 - [11,639] ----D C:\Program Files\SweetIM =>PUP.SweetIM
O43 - CFD: 19/09/2009 - 19:35:17 - [83,363] ----D C:\Program Files\TRACKS
O43 - CFD: 07/06/2009 - 22:10:44 - [0] ----D C:\Program Files\WeFi
O43 - CFD: 30/12/2013 - 21:38:43 - [1,295] ----D C:\Program Files\WiseConvert =>Toolbar.Conduit
O43 - CFD: 10/10/2012 - 20:25:31 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 05/04/2011 - 22:34:03 - [0] ----D C:\ProgramData\gIj31001eDmFd31001
O43 - CFD: 30/12/2013 - 21:50:07 - [1,424] ----D C:\ProgramData\InternetUpdater
O43 - CFD: 30/12/2013 - 21:39:19 - [1,230] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 12/11/2012 - 20:12:20 - [0,568] ----D C:\ProgramData\SweetIM =>PUP.SweetIM
O43 - CFD: 30/12/2013 - 21:39:29 - [0,464] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 29/05/2012 - 21:54:38 - [16,521] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 10/10/2012 - 20:25:31 - [0,015] ----D C:\Users\jean-luc\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 24/04/2013 - 16:28:47 - [0] ----D C:\Users\jean-luc\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 31/05/2009 - 20:38:02 - [0] ----D C:\Users\jean-luc\AppData\Roaming\Digsby
O43 - CFD: 31/05/2009 - 20:37:21 - [0,012] ----D C:\Users\jean-luc\AppData\Local\Digsby
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 276 Legitimates Filtered in 02mn 12s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 29/12/2013 - 15:21:38 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
O44 - LFC:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 29/12/2013 - 15:24:37 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O44 - LFC:[MD5.23B62471681A124889978F6295B3F4C6] - 29/12/2013 - 15:24:45 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O44 - LFC:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 29/12/2013 - 15:25:00 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O44 - LFC:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 29/12/2013 - 15:25:00 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O44 - LFC:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 29/12/2013 - 15:25:08 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O44 - LFC:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 29/12/2013 - 15:25:50 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O44 - LFC:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 29/12/2013 - 15:25:50 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win200.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O44 - LFC:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 29/12/2013 - 15:25:50 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O44 - LFC:[MD5.06CA8FCCC3D7C026E721B3004D4A03A9] - 30/12/2013 - 10:39:43 R--A- . (...) -- C:\Pre_Scan_30_12_2013_10_39_43.txt [37665]
~ Files: 320 Legitimates Filtered in 01mn 50s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.5DB04C6698517C4C6BB94BD0C849BB8E] - 30/12/2013 - 21:37:42 ---A- - C:\Windows\Prefetch\SETUP_TSV2RWAC.EXE-411060EE.pf
O45 - LFCP:[MD5.36D039D3BC304D2D96B2EBB1804B77DA] - 30/12/2013 - 21:38:49 ---A- - C:\Windows\Prefetch\SETUP (3).EXE-3E9A0935.pf
O45 - LFCP:[MD5.025570911CCDDB652BFDFEEBA1195138] - 30/12/2013 - 21:38:57 ---A- - C:\Windows\Prefetch\PROXYINSTALLER.EXE-1C84D85A.pf
O45 - LFCP:[MD5.942EEFE65DC55D312DD71AE450878ADB] - 30/12/2013 - 21:39:07 ---A- - C:\Windows\Prefetch\EMBEDEDSTUB.EXE-30590C96.pf
O45 - LFCP:[MD5.62E13F3A7FCF5E8E4C1D85AE1EEED801] - 30/12/2013 - 21:39:22 ---A- - C:\Windows\Prefetch\NSYE187.EXE-A36269AA.pf
O45 - LFCP:[MD5.DB261B592856CAF0DEE87D16CBF70F90] - 30/12/2013 - 21:39:44 ---A- - C:\Windows\Prefetch\NSI2AD.EXE-09BC24BC.pf
O45 - LFCP:[MD5.11AF5994853D96ACC35FE5F2AAC6D8EF] - 30/12/2013 - 21:40:08 ---A- - C:\Windows\Prefetch\NSJA1BB.EXE-74CB4AA4.pf
O45 - LFCP:[MD5.3AE159C9F817486791885105A508D7CE] - 30/12/2013 - 21:40:13 ---A- - C:\Windows\Prefetch\NSYB155.EXE-C87129A2.pf
O45 - LFCP:[MD5.71A9F90C99BB6815CC730140403184BE] - 30/12/2013 - 21:40:33 ---A- - C:\Windows\Prefetch\CLTMNG.EXE-07A2A3D0.pf
O45 - LFCP:[MD5.08A1565D5144331BA867169F56974500] - 30/12/2013 - 21:40:34 ---A- - C:\Windows\Prefetch\CLTMNGUI.EXE-DE191759.pf
O45 - LFCP:[MD5.DC1B6A7D0A596365EE0269946F69898B] - 30/12/2013 - 21:40:44 ---A- - C:\Windows\Prefetch\CLTMNGSVC.EXE-81A8D62A.pf
O45 - LFCP:[MD5.B30CE43660D91CCCE9D6557103E5559A] - 30/12/2013 - 21:40:49 ---A- - C:\Windows\Prefetch\NSO56D8.EXE-28A93F52.pf
O45 - LFCP:[MD5.D703210BEB853A472A11248E3BF9D5E7] - 30/12/2013 - 21:40:50 ---A- - C:\Windows\Prefetch\NSE605B.EXE-5ED8842E.pf
O45 - LFCP:[MD5.3B8A23890010C95773C8271CF6688C1D] - 30/12/2013 - 21:41:00 ---A- - C:\Windows\Prefetch\DLLOGIC.EXE-716EE005.pf
O45 - LFCP:[MD5.C00132C0F5033D4008CD05FE3C7AD0B1] - 30/12/2013 - 21:46:13 ---A- - C:\Windows\Prefetch\WISE-CONVERT.EXE-C72E709D.pf
O45 - LFCP:[MD5.BEEC1EC0EF7213327FF82E8DD7E3C0F8] - 30/12/2013 - 21:49:47 ---A- - C:\Windows\Prefetch\SETUP{17714B04-F662-465D-8D74-9EDAE1B3.pf
O45 - LFCP:[MD5.AA57FA78F9CB00914C0714B8A8C07A9D] - 30/12/2013 - 21:50:02 ---A- - C:\Windows\Prefetch\NSD97B.TMP-611D8259.pf
O45 - LFCP:[MD5.C1CAC02608D962F50F7F073C74EE8DE8] - 30/12/2013 - 21:50:04 ---A- - C:\Windows\Prefetch\NSDF75.TMP-F2BD4F49.pf
O45 - LFCP:[MD5.C0DD2E8A124B4D4BDB6F786BD4DC1478] - 30/12/2013 - 21:50:06 ---A- - C:\Windows\Prefetch\NSE82D.TMP-E232046A.pf
O45 - LFCP:[MD5.4B02A262803A1153A05D077A3F3CCBB9] - 30/12/2013 - 21:50:15 ---A- - C:\Windows\Prefetch\INTERNETUPDATERSERVICE.EXE-E85285B5.pf
~ Prefetcher: 86 Legitimates Filtered in 00mn 02s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{38877874-d718-11dd-8cf6-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{423fec03-a63f-11df-aa39-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee35-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee3b-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6c5-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6cc-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{f8be03f0-bcbc-11df-9c39-001d7278d00a}\AutoRun\command - Clé orpheline
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SweetIM [Key] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM
~ SMSR Keys: 22 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 02/05/2002 - 02:05:00 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys [9088]
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 29/12/2013 - 15:24:37 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 29/12/2013 - 15:24:45 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 24/06/2010 - 13:27:58 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 29/12/2013 - 15:24:46 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys.bak [23424]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 29/12/2013 - 15:25:00 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 29/12/2013 - 15:25:00 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 11/10/2007 - 11:40:00 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys [22016]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 29/12/2013 - 15:25:08 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 29/12/2013 - 15:25:50 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 29/12/2013 - 15:25:50 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 29/12/2013 - 15:25:50 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 29/12/2013 - 15:21:38 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
~ Drivers: 19 Legitimates Filtered in 01mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 29/12/2013 - 22:07:10 ---A- . (...) -- C:\Users\jean-luc\Documents\ROGUEKILLER analyse des logiciels malveillants.docx [14225]
O61 - LFC: 30/12/2013 - 22:05:05 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267696]
O61 - LFC: 30/12/2013 - 22:05:26 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Local State [60791]
O61 - LFC: 30/12/2013 - 22:05:31 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat [3022] =>Toolbar.Conduit
O61 - LFC: 30/12/2013 - 22:05:31 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [100878] =>Toolbar.Conduit
O61 - LFC: 30/12/2013 - 22:05:31 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3552] =>Toolbar.Conduit
O61 - LFC: 30/12/2013 - 22:05:31 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\SearchProtect\UI\rep\UIRepository.dat [4046] =>Toolbar.Conduit
O61 - LFC: 30/12/2013 - 22:06:22 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\Log.txt [24491] =>.Nicolas Coolman
O61 - LFC: 30/12/2013 - 22:06:22 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\TestsZHPDiag.txt [2914] =>.Nicolas Coolman
O61 - LFC: 30/12/2013 - 22:07:59 ---A- . (.Conduit.) -- C:\Users\jean-luc\Downloads\Setup_TSV2RWAC.exe [1079824]
~ 28 Fichiers temporaires (Temporary files)
~ Files: 241 Legitimates Filtered in 03mn 38s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] c72a7830-3e2c-4ad9-a3e5-4c52195352ea - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www2.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://supertoolbar.ask.com
O69 - SBI: SearchScopes [HKCU] {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (Recherche Crawler) - http://www.crawler.com
O69 - SBI: SearchScopes [HKCU] {1FF6833C-34CC-449A-BBCE-2D5534EF61FF} - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {4C2DC590-E0AA-4508-A762-BD7265819DFA} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {5F4764C9-A953-44D8-BA81-4C334ADB8090} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {603BC971-4F47-4440-A256-223067AD7A49} - (Fast Browser Search) - http://www.fastbrowsersearch.com =>PUP.FbSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6AD016A5-66E5-4779-B8A1-70127F69DF93} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} - (Amazon.com) - http://www.amazon.com
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (Customized Search) - http://fr-recherche.com
O69 - SBI: SearchScopes [HKCU] {B4B042D3-092F-4A1F-87E5-A1C5D647C7CC} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B4F4F49CF51187C8D8C6771BE362653F] [SPRF][20/11/2012] (.Conduit - Pas de description.) -- C:\Users\jean-luc\AppData\Local\Temp\dlLogic.exe [203704] =>Toolbar.Conduit
[MD5.48967067AAB17A4D17023FA42B1F7F4D] [SPRF][24/10/2013] (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\jean-luc\AppData\Local\Temp\GCVerifier.dll [287520] =>Toolbar.Conduit
[MD5.BEDCCAC49052DBC36E1C24E2BAB83341] [SPRF][03/10/2013] (.Conduit - Pas de description.) -- C:\Users\jean-luc\AppData\Local\Temp\mMamStub.exe [197976] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nse605B.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nsjA1BB.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nso56D8.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nsyB155.exe [167812] =>Toolbar.Conduit
[MD5.4B3BD770331EEE85B7E32DE27DD33186] [SPRF][29/12/2013] (.Pas de propriétaire - Pre_Scan.) -- C:\Users\jean-luc\Desktop\Pre_Scan.exe [2160298]
[MD5.871828ECBD7BD52F1ECB42BB6E19DEB1] [SPRF][13/10/2004] (...) -- C:\Program Files\SafeMode.bat [13]
[MD5.E4B31B8CC2CEB446EE6A6003550FAAE4] [SPRF][06/11/2008] (...) -- C:\Windows\Downloaded Program Files\cfweb_www.bobtv.fr-download_instmodule.exe [99936]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][02/11/2008] (...) -- C:\Windows\Downloaded Program Files\unagiuninst.exe [38428]
~ Files: 12 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 165 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKLM\Software\5dfd7ddb068ea47] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C4B8DECC48DA9208CB64B40E8B2F3023] [WIS][29/12/2011] (.ahead software gmbh - Nero - Burning Rom.) -- C:\Windows\Installer\11c139a.msi [4911104]
[MD5.42FFF09998CA877BBA856F34455B99EE] [WIS][29/12/2008] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\19d7a98.msi [121344]
[MD5.F2E1A6236CAA68443C42204CDAD80B4F] [WIS][29/12/2008] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\19d7ac4.msi [646656]
[MD5.FA12A5AECAA8D4AA7CCA6E542E443AA8] [WIS][29/12/2008] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\19d7aea.msi [121344]
[MD5.42D4AA0FF381EDBF7AC80EBADDA15C6B] [WIS][05/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1b084.msi [1634304]
[MD5.EC638ABEFD66B677F799754050EE963F] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.7.) -- C:\Windows\Installer\1b8a9986.msi [2046464] =>PUP.SweetIM
[MD5.31FEEA696F8D10A21873D23C8C41F08C] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\1b8a998c.msi [2044928] =>PUP.SweetIM
[MD5.DBE0DE4A9953F173467AAF720492DE65] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.1.) -- C:\Windows\Installer\1b8a9992.msi [2093568] =>PUP.SweetIM
[MD5.66B519ABF9AAC98670FFC26735826E90] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetPacks bundle uninstaller.) -- C:\Windows\Installer\1b8a9998.msi [2555392] =>PUP.SweetIM
~ WIS: 170 Legitimates Filtered in 00mn 45s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17/09/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/09/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/05/2008 165192 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 01/10/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 29/09/2010 616448 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 16/12/2013 2251552 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/03/2009 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 06/12/2013 40448 | (InternetUpdater) . (...) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/04/2008 361808 | (Recovery Service for Windows) . (...) - C:\Windows\SMINST\BLService.exe
SR - | Auto 09/01/2007 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/10/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe

~ Services: Scanned in 00mn 53s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jean-luc at 30/12/2013 22:12:21

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (29/12/2013)
Clés trouvées (Keys found) : 267
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 25
Fichiers trouvés (Files found) : 35

[HKLM\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb] =>PUP.TubeDimmer^
[HKLM\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn] =>PUP.SweetIM^
[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{0F6E720A-

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1221.2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 16:22:32

~ Update on 21/12/2013 | 23.05 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [jean-luc (Administrator)] - [PC-DE-JEAN-LUC]
~ SID = S-1-5-21-3566145648-2520767218-88932657-1000

~ System : Windows Vista (TM) Home Basic (32 bits) HomeBasic Service Pack 2
~ ProcessorNameString : Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
~ Identifier : x86 Family 6 Model 15 Stepping 13


~ Memory RAM = Total (MB) : 3075 | Free (MB) : 1917
~ Pagefile = Total (MB) : 6387 | Free (MB) : 5323
~ Virtual = Total (MB) : 2097 | Free (MB) : 1974

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts


¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 143640 Mo | Free : 43350 Mo -> NTFS
d:\-> [Fixed] | [PRESARIO_RP] | Total : 8980 Mo | Free : 1410 Mo -> NTFS
f:\-> [Removable] | [] | Total : 7440 Mo | Free : 7350 Mo -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2013-12-28 21:39:10
Last(s) download(s) : 2013-12-14 19:22:14
Last(s) installation(s) : 2013-12-15 02:00:14
Next search : 2013-12-29 18:07:00


¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\jean-luc
~ C:\Users\Invité

New restorepoint created : To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe

Standby deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 8.0.6001.19489 (© Microsoft Corporation.)
GC : 31.0.1650.63 (Copyright 2012 Google Inc.)
SF : 5.34.57.2 (Copyright Apple Inc. 2007-2012)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.9.900.170

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(1200) -- UMVPFSrv.exe
(1328) -- SLsvc.exe
(1800) -- wlanext.exe
(1856) -- explorer.exe
(2008) -- spoolsv.exe
(2016) -- taskeng.exe
(456) -- ACService.exe
(1272) -- AppleMobileDeviceService.exe
(1424) -- mDNSResponder.exe
(1612) -- FTRTSVC.exe
(388) -- LSSrvc.exe
(2248) -- BLService.exe
(2288) -- RichVideo.exe
(2340) -- hkcmd.exe
(2396) -- igfxsrvc.exe
(2928) -- c2c_service.exe
(3028) -- igfxpers.exe
(3424) -- WLIDSVC.EXE
(3504) -- SearchIndexer.exe
(3572) -- WLIDSVCM.EXE
(3656) -- iTunesHelper.exe
(3700) -- XAudio.exe
(3792) -- 9props.exe
(3840) -- wscript.exe
(2280) -- taskeng.exe
(4008) -- iPodService.exe
(1032) -- GoogleUpdate.exe
(4596) -- wmpnscfg.exe
(6124) -- msiexec.exe
(3712) -- realsched.exe
(4188) -- SearchProtocolHost.exe
(4904) -- WUDFHost.exe
(1180) -- RogueKiller (5).exe
(4440) -- SearchFilterHost.exe
(736) -- chrome.exe
(1924) -- chrome.exe
(4932) -- chrome.exe
(2984) -- conime.exe

Boot : Normal


¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> C:\Windows\Explorer.exe


¤

Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access



¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Repaired : [HKLM | Minimal\SRService] : -> Service
Repaired : [HKLM | Minimal\sr.sys] : -> FSFilter System Recovery

¤

Repaired : [HKLM | Network\rdpcdd.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{1167e7fd-4764-11df-939d-001d7278d00a} | AutoRun\command : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe
Deleted : HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{1cae49de-df3e-11e1-81f2-001d7278d00a} | AutoRun\command : G:\autorun.exe
Deleted : HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{cbffc54c-17bf-11e3-a907-001d7278d00a} | AutoRun\command : F:\LGAutoRun.exe
Deleted : HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{d13b58d1-73cf-11e2-8484-001d7278d00a} | AutoRun\command : G:\setup.exe
Deleted : HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{f3ef4055-9017-11de-ba11-001d7278d00a} | AutoRun\command : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\demarrer.html


¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center




¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Service : BFE : Restored
Service : MPSSVC : Restored
Service : WSCSVC : Restored
Impossible to restore service : EMDMGNT
Service : WINDEFEND : Restored
Service : IPHLPSVC : Restored
Service : SHAREDACCESS : Restored

Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Browser] : 2 -> 3
Repaired : [HKLM | Services\EapHost] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : https://msn.com/ -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[SearchAssistant] : -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb -> http://go.microsoft.com/fwlink/?LinkId=69157

¤

Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : 127.0.0.1:9421;*.local -> *.local
Repaired : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : <local> -> *.local
Repaired : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Offsets detection


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Deleted : HKLM\..\ControlSet001\Enum\Root\LEGACY_SP_RSDRV2
Deleted : HKLM\..\ControlSet002\Services\SP_RSDRV2
Deleted : HKLM\..\ControlSet003\Services\SP_RSDRV2
Deleted : HKLM\..\ControlSet004\Services\SP_RSDRV2
Deleted : HKLM\..\ControlSet005\Services\SP_RSDRV2
Deleted : HKLM\..\ControlSet010\Enum\Root\LEGACY_SP_RSDRV2
Deleted : HKLM\..\CurrentControlSet\Enum\Root\LEGACY_SP_RSDRV2
Zaccess Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-3566145648-2520767218-88932657-1000\$ff24043d55f85ce9a20a8337d9b4b888
Zaccess Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

Removed : C:\$Recycle.bin\S-1-5-21-1651725961-147956144-3064254344-500
Removed : C:\$Recycle.bin\S-1-5-21-3566145648-2520767218-88932657-500
Removed : C:\$Recycle.bin\S-1-5-20
Removed : C:\$Recycle.bin\S-1-5-21-3566145648-2520767218-88932657-501
Removed : C:\$Recycle.bin\S-1-5-21-3566145648-2520767218-88932657-1000
Removed : C:\$Recycle.bin\S-1-5-18

Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1F7099F8-036F-46CE-AB8A-C6AF37834401}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{365740C2-435E-49DF-B76B-F91C8512BF4A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4307359A-1A5A-422C-9393-EE0271B59CC6}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4D8F0FCF-D3D6-4042-9E06-B7390284EA23}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F5021446-0F6C-49A4-B59E-32668191F0F4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0D86FA83-34F8-4C44-B41A-0E896D27CDD8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2C80403C-2D55-46E9-B812-3CA9CD9C40D0}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A3ECE647-0D7C-4456-B4A8-896E1C5D8E77}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{D442DD64-D757-4CE2-A83D-65A84827BC6A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{94E2B3AF-CC10-4F84-9EAE-C7B64DD8617F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F9CDC20F-9ED2-4BC7-8CC8-99580E9D557C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9A9223DE-273D-4A22-8794-3999538185CB}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C79B2B3F-BB73-4239-A768-856D2E27D128}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{13277748-8CEE-4E76-A383-D0D0E94EBDF4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{71A68FB1-1398-4BD8-A73C-BEAF0E71FD0D}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{5782B7A1-12CC-45E4-B3CD-0E2E4EDCED5F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2CDD19F4-B6CC-41B9-86FE-F329BA465A95}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BF98C50E-7597-4358-A739-34B073281D26}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{38A60F74-AFBD-457A-811E-378581A1F69B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{022657F5-892C-48E5-A088-766D1BA71C4F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BDB8578A-C570-41B9-8C70-65929B33E6E2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BCDAA126-13D0-40F3-8D53-E43D9BDC38A9}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{879BC7EA-23C1-41F1-A2FA-F3CB42CB8730}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2E37F0D6-0423-4C74-BFD0-0DBA804D4438}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B9DF0410-EB27-4E87-AACE-81B83E202C43}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{366419B2-4602-4856-852E-CBACF1E56E67}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{18B68313-0352-46AE-8111-14E67614740F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{05CFF339-471F-400E-942E-BFC2F888B4BD}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4A3E622F-644A-4834-BA72-3982C3D90345}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2578E76F-C0D0-4E43-96EA-796FA9A195E9}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{320C0CCE-5B0A-4736-B9D7-0C6284AE5222}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{96201D37-3F08-453A-9F0D-6EAE3D674871}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2A96FD66-F428-4753-90B6-38C07B8D57FC}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{DA5C6C5E-46DA-40A6-A81B-FACD463E4956}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6DFA09AC-01F6-4140-858C-E5D03F505232}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E3DE9E02-66D0-4624-A909-DFA71EFFA417}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2864630C-5322-497D-BC30-7A9A4CF175B7}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{809C5846-231A-42BF-B04D-34166285C634}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{52406FBE-DD48-4C10-AB0B-151981530E36}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{308D2204-A83A-40BC-AFE8-74B161BF2020}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{DD8462D8-4CB7-4A5E-9B1E-D7E9BFA953A5}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{07D218A0-F520-4BBE-88C2-37145E7FE741}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E636E357-C46F-4853-BD89-821AB85B4E47}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F28B4748-2404-4963-98DE-97D774317DBC}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{977E7B72-AD77-4A39-B037-D2DF20A15C5F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F0D91028-B2EA-42CC-B6CC-6D336ACE7BDE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{17C34023-76F1-4798-B372-EDD814419BCF}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{44D76D80-5008-4573-A932-5A27C5C77E14}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E254D3EB-32A3-4B1E-8D7E-795CB72FB69C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{ECE02E85-80E2-4F4F-8C38-81C9F4FF607A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{22A462B6-EC92-4F17-A92D-D4D0AB5C0106}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8150AEF5-D651-45F0-9FF8-83214481FC2E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6579A5B4-9206-4005-9141-DA1C13EC01B4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2332BA56-67B8-4A05-BABE-404598E12D17}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{380758B6-50DC-4AE7-B3C1-FCFD4BA35E0F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9DAC8D2D-9BBC-4893-86A8-EE04F5E68AA5}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4E61DCBB-2FB4-43D5-9877-C87A8BFB3C81}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{87927ACB-ABAB-4002-B43B-687F24E637DB}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{5FA72FFD-11FB-4BE8-AB2F-E1C35F229171}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B72EB1E8-5E3C-46A0-9C5C-C309EFB9162A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BD517727-51D0-40D4-8B8B-8EA58A2CC6B8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{AFB1B68F-EB96-4E5A-B577-EE92CA509B54}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{03397251-9FCB-49EC-BFE0-8AF1AF144137}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C8B3D768-9D61-40D3-9616-1BD5AF49D1BA}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{334E792E-146D-49B1-89DC-CEA2B4A3CB6E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{AE4D3837-0942-4021-9FC0-2701E0D4ADAA}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{70E3A292-24A0-410E-9CA5-FFC222C5E57A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FCBBFB85-7F11-44BE-915F-ABE1E2215D65}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B8A06E2A-2D50-4E0A-AC6C-C9456969A14B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C3907846-3755-476D-8A94-EAB731CEFC87}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{41E2D9B6-80AD-4894-84EA-714745DE8219}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A3CF693D-330A-45F0-9E03-EC0E4893B763}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1811364A-A777-479D-B1EC-D16DAE9DC596}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{38CCC5B7-80F0-476D-AF64-F7B50427297B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{DCBA84A5-26FB-4199-ABB3-ABEBC390743E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E1A9E59A-B76A-4E52-9BCB-A267A5285E75}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8B0C5D48-D2CF-46C3-924C-4761BDF8EE9E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9D86C58A-2C0A-4393-9213-B469114959E5}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7B1AB09D-9D0F-470F-AFE7-71B162C5FA28}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A677F074-11FF-4CDA-91F3-63D4F9119E71}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{36D00FC2-BB22-43FC-BC2F-432ED7AFE41C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{58481FB8-81AF-440F-B53E-6F025B255DB1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B64EF1EF-7E61-4809-A205-884677C8A1EF}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9BBDAA62-2E2D-40CC-A114-2632AB8CB472}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7773765B-D6E9-4CC3-8C84-6BBAD2A1F8E7}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2315F0CD-F75F-42CC-A6E6-C583901C8628}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{EF738196-64FD-4F67-ABE8-D54DC6D459EB}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E6234B21-56FC-446E-9657-8416924E5F6B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{701EB821-7C0C-4180-BF52-E4D965CFB20F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{47215445-A848-44B2-9F5D-6011AC67BB76}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{16E9E7C9-7432-4C34-9E12-F3B7F639278E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A15684F9-01D5-4362-9FC9-FE90FE6B1724}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7B82F9BF-7003-4E46-8B04-CD835E88B9D3}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{760F89E7-73AA-4EE4-B30C-D237593F9245}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{88A2FCF9-C88C-4A79-93DB-6F3B76786293}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B1850E97-57D6-4D17-8BFA-A6E4C8CA4F7A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{401F183A-AAD0-4756-9965-39F53111E7DB}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6F7E1BD6-3006-4B72-99A7-80BBE96BE2CA}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{91DA2499-4C22-4326-A577-27EB216CC871}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{992A28D9-E83C-4B99-B944-9A6002AB5C79}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{76F661DD-87B6-4B3B-9696-AE0267E059EF}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F4EE6AAE-4E1C-4F52-B82B-9EDC5BEC96F0}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{413AAD7B-5E8E-4536-9B82-76C21BF9F264}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FD45CAC3-A3ED-4076-B0B5-3C0E52DB9F50}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{3C198C38-8BC2-4F38-9741-028B6C857BBD}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A912DC8F-3F93-4BBA-BDAA-EB6A52AD42F8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6762982F-3DDE-4237-82F1-1DE9FF44EF48}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{57139325-7C47-40BC-A8B7-B4B7E60DEFF4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6621E7BF-641C-492D-B719-4E8012D36BA7}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FC31F01D-8A1F-473D-A125-C2044950E359}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2CBD4B49-F56E-426A-9101-07C9B00122AE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{683E8230-8519-4003-9FBC-79E1C36803C6}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{61FF9B1B-1F39-44CC-B656-1CB6C3B9A8EF}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9CCA9A6B-E9CA-40D0-BBC0-FB827B942A9C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2C5B1490-A53E-4B25-BA13-725422BF0B53}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A182285F-051F-4919-8813-2EF86A582D68}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A86ACC14-7BAC-4898-A1ED-70A50C6216E4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6355B257-13D6-422C-9B1B-34E5E81EA275}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{324E9F85-8B00-4303-8B35-5E3A74010500}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{60FD4F59-4594-4AA1-A9A7-153E193D6B35}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{54A45BEF-5C55-4F29-BC2A-CE7C2F6ACCC1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A7F90ED5-D69C-482A-ABB7-B066AA038C97}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{D9E16885-24D3-4E6A-B587-A6D2B37D0CD3}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9531AFCB-9242-47C1-AA85-FB18BA796F06}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{EB608431-F3CD-4097-9EC7-92004ECABFA4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{EBF0B6F6-3383-4E4B-9636-FA846916CD5F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1F31F8CD-86CC-406B-B356-9FA7C8B7ABE2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C5D4624B-4DA9-4456-ADC0-E9F538A03393}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{256DCA53-8DD1-42AA-BCA2-357A135606C1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{798516B1-969B-43EE-B49F-CD1E856486EE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7C43BF56-2AAF-43C1-B140-2AF59B073EF9}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BC686396-5566-4244-B781-F85347786011}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4EDA7968-F81C-48EF-9893-FA2E18D603DB}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9D849CA8-3DCA-4B97-8359-5209A21AF142}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{37B3E982-0896-4E34-94A1-4D650F322E13}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{45D526E4-A53E-4266-85EF-8736B2181BC9}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{3ED3A039-EB56-4270-9E08-55C62A6CE383}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{E5239DFE-FED4-42B1-B00A-DCE1859BC772}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2E4E062D-7616-4E5F-86F7-98845A45E1A0}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{16B5A7C8-1672-4C52-BA7D-9DF51A6D2D9B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{999EE7AC-0D76-4DE9-B54E-D09A771CDC1E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F49BE308-F781-4D82-9D00-2E31515901F8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4E0D830C-FC65-484F-A6A1-6192090E2F51}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{6E90C4CD-4B4B-491D-8FB9-F076D77AFF87}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{865CEE25-CFED-4B3B-AB71-315DF7F81862}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{54762C2A-E4CF-4F81-893A-FEDB021858D3}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{261E1E94-A1E0-4ED0-A492-8A9DCB219F85}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1BB3B799-85F4-4CFB-A5E8-36985C7FA18A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8F66AF26-3625-45A6-AB17-A2BE3FDF43D1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0751722F-111B-4FEB-BCB1-BF48B750759E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7FD0F7A9-896F-4773-842C-4E865AB1E1C2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{454A7C59-357A-4941-B372-0883DCABF92F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{09997513-024E-41DF-8E31-694162BB8503}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BF36F92C-9A7F-4A9B-B485-0182E03B77C8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{49B9C627-D307-4F4D-BC44-557A7506306D}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C642DE70-34ED-4CCE-A2BA-5F9E012A220B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{132D9A8B-C776-4E6F-AC8F-DC8571D3BBF1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BCF48972-2806-434E-BCEF-17A945AFD068}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{D11ABA43-04EE-4A65-9DCA-9799DC8840FE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{AE85021C-2752-4B93-B2B0-82E81CDBD2B8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{96961475-B8E8-4FA9-9856-B7A7BE233756}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{58131E7E-8DED-425B-83A5-079339632E18}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{CBF68D90-1968-4369-B2D9-3224A9467423}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B8C44C70-88DB-48C7-AFB6-F99EE99CAD4B}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9EB3BF6B-F916-4311-97DB-86487579C6BE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8AD9F49B-81C0-41DD-8E85-9AA8A5E85906}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B882A617-6272-4E14-9B0D-00D2AB075B25}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{700F6B66-221C-4990-B786-C872DA46DDFE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FF6A1DD5-8249-4DEF-B164-E3DD19E8AA82}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0FEAE89E-06E1-4033-A95B-A2B0FF0CD170}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{5F455E08-C59E-45BB-B2EC-30F59936329F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B120F179-05D2-4ED9-86C2-29EA97915CE2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9BC38706-B8CD-4DC7-ACC4-C63908B86B3C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8B474D85-954A-4E59-BFC2-F6D7C0E8532D}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{01920AC1-035B-42A7-AEE6-B1772D113CD8}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{34AB6E8C-2267-4FE5-B0F4-72EB578CAA64}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9249112A-7E29-4DF0-A654-2627E0567D0A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{208CEFE9-1116-4A24-A3B9-7535AF89C451}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{916EDF4F-7F7F-4CAF-AFB7-BC4CBEF88F76}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{D4E80D29-AD0C-4DED-AE3E-9D11E63D8FB0}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{21FCEE28-A258-4000-8E82-B5D2761E4803}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7C3AB680-E075-430C-96DA-A8E4486CA4B3}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FFBBA0A0-4F6D-47B6-8DF1-5B9EB2B05C62}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A43BA59F-E309-41E6-8DAE-7A8AEB8D96E2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{AE2DD0C9-4D42-449D-9F3D-49203E020635}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F78C279A-35E2-4FD8-B838-3D481A004C40}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{B384FBA5-737A-4649-8898-1675775A6BA5}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{BC877386-168F-4DA7-B4DD-C4C8A1014F29}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{83614BFD-F309-4C6D-BE0A-1F0BA4A0A181}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{62F78213-D8EE-4618-941A-08B2D898F995}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0C1665DD-A6D4-4585-8268-58E68B1891FE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{58800DF8-1FFD-4264-B5AC-061BAE7C44A7}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{38EECB6C-69BA-45BF-B227-D908C97D3D6F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{39CA318E-5D97-4DE6-8255-535D20498AA1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9E930461-A05D-4FB5-AF06-DE878D12C8D3}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{693AB254-BF5F-4D3F-BB7A-971ABC3A8D4E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C69CAFBA-CF4C-47D4-AFF2-88C275356560}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{5D9185D5-2177-463C-AB49-A53D0B38BAC4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{83A4AD8B-DC10-44C2-95F4-705C5BE70171}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{940EE749-1DD4-42AB-81BA-D24335535F04}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{2229A545-480B-47E3-A522-51CC655C1D96}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FADA1B35-C407-4FF1-B77A-5BCFD80EAB3F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{C0617B8B-77B4-43AB-AA5C-59DB202D0E1A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F580A328-2605-434C-A90B-1CFE7A187093}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8A5DB131-AC74-4EF2-B8EA-05D7EA39FDFE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{D94F0A19-FFA7-4804-BA05-F341A1117835}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1CEFC891-83ED-45D3-9D20-F36A13304ADD}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F0C86D36-0A5C-4A6E-AD9E-45BBECF30280}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{75D92966-9D8B-4C8A-9743-FA19D249A626}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{5F00BDAE-C991-4E1D-B057-2EAD41A091F4}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{7F57BCA1-140E-4DF1-818F-6C864ED0A2C1}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{55FB461E-7B40-4838-8A1E-D29E55C32F9C}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{EA2C5C04-F04E-4C74-AE51-A032AEA11F12}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{101F9958-B5CF-406D-B819-56A7A23A2594}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0BDE6328-0A8B-40AB-A3EC-3722E044A112}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{47AC8A1E-73D2-4618-B061-CB316943BD68}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{09831981-A9F3-411E-A2DD-D02E446B0275}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{DA0AFB8B-064C-4E75-B286-05DBAC9181CC}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0A9B4288-6933-4D97-962A-E8D82C258C5E}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{A2585823-0BCC-4D20-AE45-A146F205ED86}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{63327541-16DE-446B-8438-EFA7FAAEC90A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{662D5133-B1A8-4322-BB74-6FFC1157AFA2}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{EBD6D566-1C74-4C6E-AD96-04C8E59F141F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{DE3239F3-CE9C-4FD3-8C28-CD85D8D3BB3A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{F4280E11-FB4D-4BDA-93A4-ED2E89B5E1F9}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{0480F59E-B730-4A7D-B24B-94BE501F24AA}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{8A06F258-5D17-478A-BC01-EAEF1D5024BD}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{77F0BFC4-BC8C-4CEB-9F54-E11207C7BB1A}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{4BDC6801-D099-4DAE-8066-C82E5FE4551F}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{154CCD8A-3447-4A7C-9B6A-E4F3E4D86DBE}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{FF734E94-EF40-472B-BEBF-E60ADA146698}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{9046EDA6-E467-41C6-A666-D1AAF016DD84}
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\{1F213DFC-72C0-48D0-A06D-94066098403E}
Moved to quarantine successfully : C:\Windows\Tasks\User_Feed_Synchronization-{3A9B43ED-2057-4193-9D5F-EF91861E66D9}.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9B43ED-2057-4193-9D5F-EF91861E66D9}
Deleted : [HKU\S-1-5-21-3566145648-2520767218-88932657-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[iTunesHelper] : wscript.exe //B "C:\Users\jean-luc\AppData\Local\Temp\iTunesHelper.vbe"
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : TkBellExe
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : iTunesHelper

Moved to quarantine successfully : C:\Users\jean-luc\AppData\Roaming\wklnhst.dat
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Moved to quarantine successfully : C:\Users\jean-luc\AppData\Local\d3d9caps.dat
Moved to quarantine successfully : C:\Windows\System32\Config\SystemProfile\AppData\Local\d3d9caps.dat
Moved to quarantine successfully : C:\Users\jean-luc\Documents\updates
Will be moved at reboot : C:\Users\jean-luc\Modèles\F
Will be moved at reboot : C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Templates\F
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\jean-luc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied


Will disinfect at reboot : C:\Windows\System32\services.exe - Restored from : C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

D:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 220 | Restored : 220
~ [Drive F:] : Hidden : 8 | Restored : 8
~ [Drive C:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 10 | Restored : 10
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 21 | Restored : 21
~ [Documents] : Hidden : 10 | Restored : 10
~ [Desktop] : Hidden : 1 | Restored : 1
~ [Searches] : Hidden : 2 | Restored : 2
~ [Contacts] : Hidden : 28 | Restored : 28
~ [Windows] : Hidden : 154 | Restored : 154
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 51 | Restored : 51


¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=153G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 144G Yes No 63 294,178,753
1 1 07-NTFS 9.0G No No 294,178,816 18,395,136

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 10:39:42


Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 531

je n'arrive pas a faire cela , Le rapport est sauvegardé dans C:\ZHP\ZHPDiag.txt

* Une fois le rapport trouvé, sélectionne le, et clique sur Ouvrir

* Choisis le type de diffusion(je te conseille privée 4 jours il sera détruit)
car je ne trouve pas zhp\zhpdiag.txt

https://forums.commentcamarche.net/forum/affich-29310196-plus-de-telechargement-ni-d-ouverture-de-fichiers#22

# AdwCleaner v3.016 - Rapport créé le 30/12/2013 à 22:45:12
# Mis à jour le 23/12/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Nom d'utilisateur : jean-luc - PC-DE-JEAN-LUC
# Exécuté depuis : C:\Users\jean-luc\Downloads\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****

Service Présent : CltMngSvc

***** [ Fichiers / Dossiers ] *****

Dossier Présent : C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Dossier Présent : C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Dossier Présent C:\Program Files\Babylon-English
Dossier Présent C:\Program Files\Conduit
Dossier Présent C:\Program Files\France Toolbar
Dossier Présent C:\Program Files\Nosibay
Dossier Présent C:\Program Files\registry mechanic
Dossier Présent C:\Program Files\Searchprotect
Dossier Présent C:\Program Files\SweetIM
Dossier Présent C:\Program Files\Viewpoint
Dossier Présent C:\ProgramData\Babylon
Dossier Présent C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Dossier Présent C:\ProgramData\SweetIM
Dossier Présent C:\ProgramData\Viewpoint
Dossier Présent C:\Users\jean-luc\AppData\Local\Searchprotect
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\Babylon-English
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\BabylonToolbar
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\boost_interprocess
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\Conduit
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\incredibar.com
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\SweetIM
Dossier Présent C:\Users\jean-luc\AppData\LocalLow\Toolbar4
Dossier Présent C:\Users\jean-luc\AppData\Roaming\Babylon
Dossier Présent C:\Users\jean-luc\AppData\Roaming\DealPly
Dossier Présent C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
Dossier Présent C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Dossier Présent C:\Users\jean-luc\AppData\Roaming\Nosibay
Dossier Présent C:\Users\jean-luc\AppData\Roaming\WebPlayerBdd
Dossier Présent C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Fichier Présent : C:\END
Fichier Présent : C:\Program Files\Mozilla Firefox\user.js
Fichier Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Fichier Présent : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\{1CB94A15-4515-4A88-A296-36DDCA34AF50}
Clé Présente : HKCU\Software\AppDataLow\Software\Conduit
Clé Présente : HKCU\Software\AppDataLow\Software\DynConIE
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\Freeze.com
Clé Présente : HKCU\Software\IM
Clé Présente : HKCU\Software\Iminent
Clé Présente : HKCU\Software\ImInstaller
Clé Présente : HKCU\Software\InstallCore
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\France Toolbar
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video downloader
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKCU\Software\Nosibay
Clé Présente : HKCU\Software\YahooPartnerToolbar
Clé Présente : HKLM\SOFTWARE\5dfd7ddb068ea47
Clé Présente : HKLM\Software\Babylon
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Présente : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Présente : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Clé Présente : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Clé Présente : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Clé Présente : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{8FFA7469-654F-423E-84FE-6A583CB1C284}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Clé Présente : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Clé Présente : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Clé Présente : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Clé Présente : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Clé Présente : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Clé Présente : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Clé Présente : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Présente : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Clé Présente : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Clé Présente : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Clé Présente : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Clé Présente : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Clé Présente : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap
Clé Présente : HKLM\SOFTWARE\Classes\sim-packages
Clé Présente : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Clé Présente : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Clé Présente : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Clé Présente : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Présente : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Présente : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Présente : HKLM\SOFTWARE\Classes\TBSB01555.IEToolbar
Clé Présente : HKLM\SOFTWARE\Classes\TBSB01555.IEToolbar.1
Clé Présente : HKLM\SOFTWARE\Classes\TBSB01555.TBSB01555
Clé Présente : HKLM\SOFTWARE\Classes\TBSB01555.TBSB01555.3
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2359592
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01555
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01555
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01555.1
Clé Présente : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01555.1
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Clé Présente : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Clé Présente : HKLM\Software\Conduit
Clé Présente : HKLM\Software\DataMngr
Clé Présente : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Clé Présente : HKLM\Software\Freeze.com
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Clé Présente : HKLM\Software\IB Updater
Clé Présente : HKLM\Software\Iminent
Clé Présente : HKLM\Software\MetaStream
Clé Présente : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Clé Présente : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\QtraxPlayer
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38148433-8713-40D6-AB7E-4956C287BA37}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\France Toolbar
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Clé Présente : HKLM\Software\SearchProtect
Clé Présente : HKLM\Software\Viewpoint
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{08C06D61-F1F3-4799-86F8-BE1A89362C85}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Valeur Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Valeur Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8FFA7469-654F-423E-84FE-6A583CB1C284}]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [***@***]

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.19489

Paramètre Présent : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3318857&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP2B5FB1D4-51FA-4B37-90AE-F729CF83D59C&SSPV=
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www2.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=699400234D28D293

-\\ Google Chrome v31.0.1650.63

[ Fichier : C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Trouvée : homepage
Trouvée : search_url
Trouvée : suggest_url
Trouvée : keyword
Trouvée : urls_to_restore_on_startup
Trouvée : homepage
Trouvée : search_url
Trouvée : urls_to_restore_on_startup
Trouvée : homepage
Trouvée : search_url
Trouvée : suggest_url
Trouvée : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [36930 octets] - [30/12/2013 22:45:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [36991 octets] ##########

FAUT-IL QUE JE LANCE "NETTOYER" si oui que dois-je cocher ou pas ??

est ce que je remet mon pare feu et avast ????EUH ILS SE SONT REMIS TOUT SEUL EN ACTIVE

tout remarche a merveille , merci beaucoup tu es génial , bonne année a toi et a toute ta famille , et surtout la santé , merciiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii tu es géant

tout remarche a merveille , merci beaucoup tu es génial , bonne année a toi et a toute ta famille , et surtout la santé , merciiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii tu es géant , je vais cocher resolut , a+ merci

oups a bon

alors je suis pret

Rapport de ZHPDiag v2014.1.12.13 - Nicolas Coolman (12/01/2014)
~ Lancé par jean-luc (12/01/2014 21:06:23)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19489
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware version 1.61.0.1400

---\\ Logiciels d'optimisation du système
CCleaner v3.17 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (36%) free of 140 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-JEAN-LUC
~ User Name: jean-luc
~ All Users Names: jean-luc, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-luc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-luc\AppData\Roaming\
~ %Desktop% : C:\Users\jean-luc\Desktop\
~ %Favorites% : C:\Users\jean-luc\Favorites\
~ %LocalAppData% : C:\Users\jean-luc\AppData\Local\
~ %StartMenu% : C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 140 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.D40C56B9338EA2C3B3891A6FCE5E51F7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 09:25:06.) -- C:\Windows\System32\wininet.dll [916992]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2124
~ Mes musiques (My Musics) : 17/2218
~ Mes Favoris (My Favorites) : 1/213
~ Mes Documents (My Documents) : 1/3397
~ Mon Bureau (My Desktop) : 1/46603
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 50s



---\\ Processus lancés
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1192]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1232]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4241512] [PID.1392]
[MD5.16DCC8ACC504A6662BB04A0ED9454A4D] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe [959808] [PID.2128]
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.2216]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.5972]
[MD5.4C9D9C380E70FF2103E5C33EDF7599AD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8334336] [PID.3560]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3416]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1244]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1400]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768] [PID.1804]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1876]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.2120]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2208]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2376]
[MD5.43DBA6069B3FA153FA68C30DE24CD341] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.2416]
[MD5.E3EFA45E92B7F0B3DD9DDBB0B11CB24A] - (...) -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448] [PID.2492]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2984]
[MD5.431723F23D0E065BEF502389E8FFDC10] - (.Pas de propriétaire - STServices.) -- C:\Windows\SMINST\BLService.exe [361808] [PID.3200]
[MD5.17E0BEF5CA5C9CE52CC8082AC6EBC449] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.3472]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3524]
[MD5.CD5F291A1161F15896D1A4D63DAFF5DF] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3972]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.3392]
[MD5.ECEF404F62863755951E09C802C94AD5] - (.Microsoft Corporation - Détection de services interactifs.) -- C:\Windows\system32\UI0Detect.exe [35840] [PID.4748]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G0 - GCSP: Preference [User Data\Default] http://msn.fr
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] Websteroids v.2.6.53 (Activé) =>PUP.TubeDimmer
~ Google Browser: 19 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [jean-luc] -- C:\Program Files\Mozilla FireFox\searchplugins\kwinzy116.xml
P2 - FPN: [HKLM] [@Microsoft.com/DownloadManager,version=1.1] - (...) -- (.not file.)
~ Firefox Browser: 36 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fdajo%3f
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: DVD Play.lnk . (.CyberLink Corp. - HP DVDPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Controle Parental\Controle_parental.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: ViiKiiDesktopPlugin.lnk . (...) -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O4 - GS\QuickLaunch [jean-luc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [jean-luc]: Son - Raccourci.lnk - Clé orpheline
O4 - GS\Program [jean-luc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [jean-luc]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jean-luc]: Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Solitaire.) -- C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
O4 - GS\Desktop [jean-luc]: Spider Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Spider Solitaire.) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
~ Global Startup: 59 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (.not file.) =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Internet Updater (InternetUpdater) . (...) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: 14 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{C4B76F9F-28BA-4528-81A5-CC6A9FAB71EE}] (...) -- C:\Users\jean-luc\Documents\HC2Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D48EF53A-CC73-4FC1-8834-B1E8E00F553E}] (...) -- F:\AutoTransfer.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (...) [HKCU] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: Internet Updater - (.Parallel Lines Development, LLC.) [HKLM] -- InternetUpdater
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PCTools]
[HKLM\Software\IncrediMail]
[HKLM\Software\PCTools]
[HKLM\Software\VBGenerator]
~ Key Software: 369 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/09/2009 - 19:36:27 - [0,444] ----D C:\Program Files\CREDITS
O43 - CFD: 31/05/2009 - 20:44:54 - [0] ----D C:\Program Files\Digsby
O43 - CFD: 19/09/2009 - 19:35:27 - [35,651] ----D C:\Program Files\FRONTEND
O43 - CFD: 19/09/2009 - 19:35:32 - [9,255] ----D C:\Program Files\GLOBAL
O43 - CFD: 19/09/2009 - 19:36:28 - [0,012] ----D C:\Program Files\memcard
O43 - CFD: 19/09/2009 - 19:36:25 - [29,180] ----D C:\Program Files\NIS
O43 - CFD: 19/09/2009 - 19:36:07 - [21,333] ----D C:\Program Files\SOUND
O43 - CFD: 19/09/2009 - 19:35:17 - [83,363] ----D C:\Program Files\TRACKS
O43 - CFD: 07/06/2009 - 22:10:44 - [0] ----D C:\Program Files\WeFi
O43 - CFD: 05/04/2011 - 22:34:03 - [0] ----D C:\ProgramData\gIj31001eDmFd31001
O43 - CFD: 30/12/2013 - 21:50:07 - [1,424] ----D C:\ProgramData\InternetUpdater
O43 - CFD: 30/12/2013 - 21:39:19 - [1,230] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 30/12/2013 - 21:39:29 - [0,464] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 29/05/2012 - 21:54:38 - [16,521] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 31/05/2009 - 20:38:02 - [0] ----D C:\Users\jean-luc\AppData\Roaming\Digsby
O43 - CFD: 31/05/2009 - 20:37:21 - [0,012] ----D C:\Users\jean-luc\AppData\Local\Digsby
~ 4 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 259 Legitimates Filtered in 01mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 04/01/2014 - 17:29:28 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O44 - LFC:[MD5.23B62471681A124889978F6295B3F4C6] - 04/01/2014 - 17:29:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O44 - LFC:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O44 - LFC:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O44 - LFC:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 04/01/2014 - 17:29:53 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O44 - LFC:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O44 - LFC:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win200.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O44 - LFC:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 04/01/2014 - 17:30:26 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O44 - LFC:[MD5.9D72BC2C7E397FF2CB5114A49B639951] - 12/01/2014 - 17:10:52 ---A- . (...) -- C:\Windows\win.ini [254]
O44 - LFC:[MD5.06CA8FCCC3D7C026E721B3004D4A03A9] - 30/12/2013 - 10:39:43 R--A- . (...) -- C:\Pre_Scan_30_12_2013_10_39_43.txt [37665]
~ Files: 324 Legitimates Filtered in 00mn 23s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.42D13105E1876C4CE0B541A79949A5E2] - 12/01/2014 - 17:00:59 ---A- - C:\Windows\Prefetch\PRINTUI.EXE-E9F4354A.pf
~ Prefetcher: 112 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{38877874-d718-11dd-8cf6-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{423fec03-a63f-11df-aa39-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee35-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee3b-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6c5-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6cc-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{f8be03f0-bcbc-11df-9c39-001d7278d00a}\AutoRun\command - Clé orpheline
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 02/05/2002 - 02:05:00 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys [9088]
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 04/01/2014 - 17:29:28 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 04/01/2014 - 17:29:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 24/06/2010 - 13:27:58 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 04/01/2014 - 17:29:35 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys.bak [23424]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 11/10/2007 - 11:40:00 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys [22016]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 04/01/2014 - 17:29:53 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 04/01/2014 - 17:30:26 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 19 Legitimates Filtered in 00mn 21s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 12/01/2014 - 21:09:58 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267409]
O61 - LFC: 12/01/2014 - 21:10:04 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Local State [61415]
O61 - LFC: 12/01/2014 - 21:10:30 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\Log.txt [48302] =>.Nicolas Coolman
O61 - LFC: 12/01/2014 - 21:10:30 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\TestsZHPDiag.txt [2913] =>.Nicolas Coolman
~ 20 Fichiers temporaires (Temporary files)
~ Files: 166 Legitimates Filtered in 01mn 38s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] c72a7830-3e2c-4ad9-a3e5-4c52195352ea [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {1FF6833C-34CC-449A-BBCE-2D5534EF61FF} - (Live Search) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {4C2DC590-E0AA-4508-A762-BD7265819DFA} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {5F4764C9-A953-44D8-BA81-4C334ADB8090} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {603BC971-4F47-4440-A256-223067AD7A49} - (Fast Browser Search) - http://www.fastbrowsersearch.com =>PUP.FbSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6AD016A5-66E5-4779-B8A1-70127F69DF93} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} - (Amazon.com) - https://www.amazon.com/
O69 - SBI: SearchScopes [HKCU] {B4B042D3-092F-4A1F-87E5-A1C5D647C7CC} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B4F4F49CF51187C8D8C6771BE362653F] [SPRF][20/11/2012] (.Conduit - Pas de description.) -- C:\Users\jean-luc\AppData\Local\Temp\dlLogic.exe [203704] =>Toolbar.Conduit
[MD5.48967067AAB17A4D17023FA42B1F7F4D] [SPRF][24/10/2013] (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\jean-luc\AppData\Local\Temp\GCVerifier.dll [287520] =>Toolbar.Conduit
[MD5.BEDCCAC49052DBC36E1C24E2BAB83341] [SPRF][03/10/2013] (.Conduit - Pas de description.) -- C:\Users\jean-luc\AppData\Local\Temp\mMamStub.exe [197976] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nse605B.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nsjA1BB.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nso56D8.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\jean-luc\AppData\Local\Temp\nsyB155.exe [167812] =>Toolbar.Conduit
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\jean-luc\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.871828ECBD7BD52F1ECB42BB6E19DEB1] [SPRF][13/10/2004] (...) -- C:\Program Files\SafeMode.bat [13]
[MD5.E4B31B8CC2CEB446EE6A6003550FAAE4] [SPRF][06/11/2008] (...) -- C:\Windows\Downloaded Program Files\cfweb_www.bobtv.fr-download_instmodule.exe [99936]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][02/11/2008] (...) -- C:\Windows\Downloaded Program Files\unagiuninst.exe [38428]
~ Files: 13 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C4B8DECC48DA9208CB64B40E8B2F3023] [WIS][29/12/2011] (.ahead software gmbh - Nero - Burning Rom.) -- C:\Windows\Installer\11c139a.msi [4911104]
[MD5.42FFF09998CA877BBA856F34455B99EE] [WIS][29/12/2008] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\19d7a98.msi [121344]
[MD5.F2E1A6236CAA68443C42204CDAD80B4F] [WIS][29/12/2008] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\19d7ac4.msi [646656]
[MD5.FA12A5AECAA8D4AA7CCA6E542E443AA8] [WIS][29/12/2008] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\19d7aea.msi [121344]
[MD5.42D4AA0FF381EDBF7AC80EBADDA15C6B] [WIS][05/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1b084.msi [1634304]
[MD5.EC638ABEFD66B677F799754050EE963F] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.7.) -- C:\Windows\Installer\1b8a9986.msi [2046464] =>PUP.SweetIM
[MD5.31FEEA696F8D10A21873D23C8C41F08C] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\1b8a998c.msi [2044928] =>PUP.SweetIM
[MD5.DBE0DE4A9953F173467AAF720492DE65] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.1.) -- C:\Windows\Installer\1b8a9992.msi [2093568] =>PUP.SweetIM
[MD5.66B519ABF9AAC98670FFC26735826E90] [WIS][12/11/2012] (.SweetIM Technologies Ltd. - SweetPacks bundle uninstaller.) -- C:\Windows\Installer\1b8a9998.msi [2555392] =>PUP.SweetIM
~ WIS: 169 Legitimates Filtered in 00mn 12s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17/09/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/09/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/05/2008 165192 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 01/10/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 29/09/2010 616448 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/03/2009 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 06/12/2013 40448 | (InternetUpdater) . (...) - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/04/2008 361808 | (Recovery Service for Windows) . (...) - C:\Windows\SMINST\BLService.exe
SR - | Auto 09/01/2007 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/10/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe

~ Services: Scanned in 00mn 15s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by jean-luc at 12/01/2014 21:13:06

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys USBPORT.SYS usbehci.sys dxgkrnl.sys igdkmd32.sys win32k.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys Intel Corporation Intel Graphics Accelerator Drivers for Windows XP(R)
1 ntkrnlpa!IofCallDriver[0x82E50916] >> \Device\Harddisk0\DR0[0x86CC9200]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jean-luc at 12/01/2014 21:13:08

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13022 - (12/01/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 18

[HKLM\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb] =>PUP.TubeDimmer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] =>Adware.IMBooster
[HKLM\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca] =>Adware.IncrediBar
C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb =>PUP.TubeDimmer^
C:\ProgramData\RHelpers =>PUP.SearchDonkey^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Program Files\vGrabber-software =>PUP.vGrabber
C:\Users\jean-luc\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\mMamStub.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\nse605B.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\nsjA1BB.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\nso56D8.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\nsyB155.exe =>Toolbar.Conduit^
C:\Windows\Installer\1b8a9986.msi =>PUP.SweetIM^
C:\Windows\Installer\1b8a998c.msi =>PUP.SweetIM^
C:\Windows\Installer\1b8a9992.msi =>PUP.SweetIM^
C:\Windows\Installer\1b8a9998.msi =>PUP.SweetIM^
~ Additionnel Scan: 451418 Items scanned in 00mn 49s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer =>PUP.TubeDimmer
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/38839825-pup-searchdonkey =>PUP.SearchDonkey
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27629963-pup-fbsearch =>PUP.Fbsearch
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
~ MSI: 10 link(s) detected in 00mn 49s



~ 1783 Legitimates filtered by white list
End of the scan (623 lines in 07mn 35s)(0)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by jean-luc on 12/01/2014 at 21:39:26,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1FF6833C-34CC-449A-BBCE-2D5534EF61FF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C2DC590-E0AA-4508-A762-BD7265819DFA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{603BC971-4F47-4440-A256-223067AD7A49}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B4B042D3-092F-4A1F-87E5-A1C5D647C7CC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4C2DC590-E0AA-4508-A762-BD7265819DFA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B4B042D3-092F-4A1F-87E5-A1C5D647C7CC}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\jean-luc\appdata\local\{8C1AFDFB-ACCC-44C4-B0BB-81F8CAAD48C2}
Successfully deleted: [Empty Folder] C:\Users\jean-luc\appdata\local\{A8FB0202-5294-4746-BFD5-7256F1569725}
Successfully deleted: [Empty Folder] C:\Users\jean-luc\appdata\local\{F2D5B67A-ED50-48EA-BCFE-4E61916DE0D9}
Successfully deleted: [Empty Folder] C:\Users\jean-luc\appdata\local\{F330AF57-880C-4095-BCFF-EDD3810A9951}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\jean-luc\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2014 at 21:46:01,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

je file au lit , avast est mis a jour , Mbam est desinstaller , le scan tourne avec Mbam le nouveau , (avec redemarrage de l'ordi avant )pour l'instant 14 élément détecté (en rouge) , bonne nuit a demain lol

avant le redemarrage
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19489
jean-luc :: PC-DE-JEAN-LUC [administrateur]

12/01/2014 22:49:03
mbam-log-2014-01-12 (22-49-03).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 556669
Temps écoulé: 2 heure(s), 32 minute(s), 41 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 6
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A} (PUP.Optional.DynConIE.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} (PUP.Optional.WebSteroids.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Données: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 5
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\CT3318857 (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 76
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\vGrabber-software\Uninstall.exe (PUP.BundleInstaller.VG) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\nse605B.exe (PUP.Optional.SearchProtect.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\nsjA1BB.exe (PUP.Optional.SearchProtect.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\nso56D8.exe (PUP.Optional.SearchProtect.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\nsyB155.exe (PUP.Optional.SearchProtect.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\mMamStub.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\Downloads\Setup_TSV2RWAC.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\Downloads\Babylon9_setup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\1b8a9992.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\1b8a9998.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\1b8a9986.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\1b8a998c.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommunication.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mghooking.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommunication.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgconfig.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\SweetIM.exe.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir (PUP.Optional.SweetPacks) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll.vir (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Update.exe.vir (PUP.Optional.BubbleDock.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\jean-luc\AppData\Roaming\Nosibay\Bubble Dock\Uninstall Bubble Dock.exe.vir (PUP.Optional.BubbleDock.A) -> Mis en quarantaine et supprimé avec succès.
D:\Program Files\skype.exe (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Roaming\Bubble Dock.boostrap.log (PUP.Optional.Bubbledock.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\jean-luc\AppData\Local\Temp\CT3318857\ddt.csf (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.

(fin)

Rapport de ZHPDiag v2014.1.12.13 - Nicolas Coolman (12/01/2014)
~ Lancé par jean-luc (13/01/2014 19:16:33)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19489
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v3.17 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (33%) free of 140 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-JEAN-LUC
~ User Name: jean-luc
~ All Users Names: jean-luc, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-luc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-luc\AppData\Roaming\
~ %Desktop% : C:\Users\jean-luc\Desktop\
~ %Favorites% : C:\Users\jean-luc\Favorites\
~ %LocalAppData% : C:\Users\jean-luc\AppData\Local\
~ %StartMenu% : C:\Users\jean-luc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 140 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.D40C56B9338EA2C3B3891A6FCE5E51F7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 09:25:06.) -- C:\Windows\System32\wininet.dll [916992]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2124
~ Mes musiques (My Musics) : 17/2214
~ Mes Favoris (My Favorites) : 1/213
~ Mes Documents (My Documents) : 1/3399
~ Mon Bureau (My Desktop) : 1/46604
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 30s



---\\ Processus lancés
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.3400]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1344]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3792]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024] [PID.3424]
[MD5.16DCC8ACC504A6662BB04A0ED9454A4D] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe [959808] [PID.2404]
[MD5.4C9D9C380E70FF2103E5C33EDF7599AD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8334336] [PID.4484]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1136]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1276]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1384]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1768]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1792]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.872]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.544]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1992]
[MD5.43DBA6069B3FA153FA68C30DE24CD341] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.1932]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2136]
[MD5.431723F23D0E065BEF502389E8FFDC10] - (.Pas de propriétaire - STServices.) -- C:\Windows\SMINST\BLService.exe [361808] [PID.2236]
[MD5.17E0BEF5CA5C9CE52CC8082AC6EBC449] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.2448]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2496]
[MD5.CD5F291A1161F15896D1A4D63DAFF5DF] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3136]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.3536]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G0 - GCSP: Preference [User Data\Default] http://msn.fr
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] Websteroids v.2.6.53 (Activé) =>PUP.TubeDimmer
~ Google Browser: 18 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [jean-luc] -- C:\Program Files\Mozilla FireFox\searchplugins\kwinzy116.xml
P2 - FPN: [HKLM] [@Microsoft.com/DownloadManager,version=1.1] - (...) -- (.not file.)
~ Firefox Browser: 36 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fdajo%3f
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: DVD Play.lnk . (.CyberLink Corp. - HP DVDPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Controle Parental\Controle_parental.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: ViiKiiDesktopPlugin.lnk . (...) -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O4 - GS\QuickLaunch [jean-luc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [jean-luc]: Son - Raccourci.lnk - Clé orpheline
O4 - GS\Program [jean-luc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [jean-luc]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jean-luc]: Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Solitaire.) -- C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
O4 - GS\Desktop [jean-luc]: Spider Solitaire.lnk . (.Microsoft Corporation - Exécutable du jeu Spider Solitaire.) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
~ Global Startup: 61 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe
O4 - HKUS\S-1-5-21-3566145648-2520767218-88932657-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{043B3E80-504F-4355-B960-2C0902E68C01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A0EC168F-69A1-43C5-86AB-95EEB5589D9A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{B509A3B5-D4CE-4A90-862E-7AAD071217E6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{C4B76F9F-28BA-4528-81A5-CC6A9FAB71EE}] (...) -- C:\Users\jean-luc\Documents\HC2Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D48EF53A-CC73-4FC1-8834-B1E8E00F553E}] (...) -- F:\AutoTransfer.exe (.not file.) [0]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (...) [HKCU] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
~ Logic: 47 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PCTools]
[HKLM\Software\IncrediMail]
[HKLM\Software\PCTools]
[HKLM\Software\VBGenerator]
~ Key Software: 366 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/09/2009 - 19:36:27 - [0,444] ----D C:\Program Files\CREDITS
O43 - CFD: 31/05/2009 - 20:44:54 - [0] ----D C:\Program Files\Digsby
O43 - CFD: 19/09/2009 - 19:35:27 - [35,651] ----D C:\Program Files\FRONTEND
O43 - CFD: 19/09/2009 - 19:35:32 - [9,255] ----D C:\Program Files\GLOBAL
O43 - CFD: 19/09/2009 - 19:36:28 - [0,012] ----D C:\Program Files\memcard
O43 - CFD: 19/09/2009 - 19:36:25 - [29,180] ----D C:\Program Files\NIS
O43 - CFD: 19/09/2009 - 19:36:07 - [21,333] ----D C:\Program Files\SOUND
O43 - CFD: 19/09/2009 - 19:35:17 - [83,363] ----D C:\Program Files\TRACKS
O43 - CFD: 07/06/2009 - 22:10:44 - [0] ----D C:\Program Files\WeFi
O43 - CFD: 05/04/2011 - 22:34:03 - [0] ----D C:\ProgramData\gIj31001eDmFd31001
O43 - CFD: 13/01/2014 - 09:53:31 - [0] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 30/12/2013 - 21:39:29 - [0,464] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 29/05/2012 - 21:54:38 - [16,521] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 31/05/2009 - 20:38:02 - [0] ----D C:\Users\jean-luc\AppData\Roaming\Digsby
O43 - CFD: 31/05/2009 - 20:37:21 - [0,012] ----D C:\Users\jean-luc\AppData\Local\Digsby
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 257 Legitimates Filtered in 01mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 04/01/2014 - 17:29:28 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O44 - LFC:[MD5.23B62471681A124889978F6295B3F4C6] - 04/01/2014 - 17:29:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O44 - LFC:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O44 - LFC:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O44 - LFC:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 04/01/2014 - 17:29:53 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O44 - LFC:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O44 - LFC:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win200.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O44 - LFC:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 04/01/2014 - 17:30:26 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O44 - LFC:[MD5.9D72BC2C7E397FF2CB5114A49B639951] - 12/01/2014 - 17:10:52 ---A- . (...) -- C:\Windows\win.ini [254]
O44 - LFC:[MD5.06CA8FCCC3D7C026E721B3004D4A03A9] - 30/12/2013 - 10:39:43 R--A- . (...) -- C:\Pre_Scan_30_12_2013_10_39_43.txt [37665]
~ Files: 335 Legitimates Filtered in 00mn 17s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.17E1F7BC4B10EA704C5E6796C8B4C043] - 13/01/2014 - 17:41:23 ---A- - C:\Windows\Prefetch\INSTUP.EXE-033E266D.pf
~ Prefetcher: 54 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{38877874-d718-11dd-8cf6-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{423fec03-a63f-11df-aa39-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee35-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{ac41ee3b-a9dc-11dd-9d7b-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6c5-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{e2d7c6cc-bf9f-11dd-98dc-001d7278d00a}\AutoRun\command - Clé orpheline
O51 - MPSK:{f8be03f0-bcbc-11df-9c39-001d7278d00a}\AutoRun\command - Clé orpheline
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 12/01/2014 - 22:18:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 12/01/2014 - 22:18:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 02/05/2002 - 02:05:00 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys [9088]
O58 - SDL:[MD5.56D1A56F69BB1502E9ED372269EB1945] - 04/01/2014 - 17:29:28 ---A- . (.B.H.A Co.,Ltd. - B.H.A Storage Helper Driver (WindowsNT5.x).) -- C:\Windows\System32\Drivers\bsstor.sys.bak [9088]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 04/01/2014 - 17:29:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [342584]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 24/06/2010 - 13:27:58 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 04/01/2014 - 17:29:35 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys.bak [23424]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys.bak [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 04/01/2014 - 17:29:47 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys.bak [35944]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 11/10/2007 - 11:40:00 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys [22016]
O58 - SDL:[MD5.9DA04F53C26E75190E394D7C3B4A7456] - 04/01/2014 - 17:29:53 ---A- . (...) -- C:\Windows\System32\Drivers\MosIrUsb.sys.bak [22016]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 04/01/2014 - 17:30:26 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys.bak [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys.bak [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 04/01/2014 - 17:30:26 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys.bak [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 21 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 12/01/2014 - 19:19:34 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 12/01/2014 - 19:19:34 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\ZHPDiag.txt [48049] =>.Nicolas Coolman
O61 - LFC: 12/01/2014 - 19:19:59 ---A- . (...) -- C:\Users\jean-luc\Documents\Rapport de ZHPDiag v2014 12 01 2014.docx [31547] =>.Nicolas Coolman
O61 - LFC: 13/01/2014 - 19:19:06 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267458]
O61 - LFC: 13/01/2014 - 19:19:06 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 13/01/2014 - 19:19:08 ---A- . (...) -- C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Local State [61368]
O61 - LFC: 13/01/2014 - 19:19:34 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\Log.txt [72048] =>.Nicolas Coolman
O61 - LFC: 13/01/2014 - 19:19:34 ---A- . (...) -- C:\Users\jean-luc\AppData\Roaming\ZHP\TestsZHPDiag.txt [2913] =>.Nicolas Coolman
~ 26 Fichiers temporaires (Temporary files)
~ Files: 190 Legitimates Filtered in 01mn 33s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] c72a7830-3e2c-4ad9-a3e5-4c52195352ea [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {5F4764C9-A953-44D8-BA81-4C334ADB8090} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6AD016A5-66E5-4779-B8A1-70127F69DF93} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} - (Amazon.com) - https://www.amazon.com/
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B4F4F49CF51187C8D8C6771BE362653F] [SPRF][20/11/2012] (.Conduit - Pas de description.) -- C:\Users\jean-luc\AppData\Local\Temp\dlLogic.exe [203704] =>Toolbar.Conduit
[MD5.48967067AAB17A4D17023FA42B1F7F4D] [SPRF][24/10/2013] (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\jean-luc\AppData\Local\Temp\GCVerifier.dll [287520] =>Toolbar.Conduit
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\jean-luc\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.871828ECBD7BD52F1ECB42BB6E19DEB1] [SPRF][13/10/2004] (...) -- C:\Program Files\SafeMode.bat [13]
[MD5.E4B31B8CC2CEB446EE6A6003550FAAE4] [SPRF][06/11/2008] (...) -- C:\Windows\Downloaded Program Files\cfweb_www.bobtv.fr-download_instmodule.exe [99936]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][02/11/2008] (...) -- C:\Windows\Downloaded Program Files\unagiuninst.exe [38428]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C4B8DECC48DA9208CB64B40E8B2F3023] [WIS][29/12/2011] (.ahead software gmbh - Nero - Burning Rom.) -- C:\Windows\Installer\11c139a.msi [4911104]
[MD5.42FFF09998CA877BBA856F34455B99EE] [WIS][29/12/2008] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\19d7a98.msi [121344]
[MD5.F2E1A6236CAA68443C42204CDAD80B4F] [WIS][29/12/2008] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\19d7ac4.msi [646656]
[MD5.FA12A5AECAA8D4AA7CCA6E542E443AA8] [WIS][29/12/2008] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\19d7aea.msi [121344]
[MD5.42D4AA0FF381EDBF7AC80EBADDA15C6B] [WIS][05/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1b084.msi [1634304]
~ WIS: 165 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17/09/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/09/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/05/2008 165192 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 01/10/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 29/09/2010 616448 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/03/2009 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/04/2008 361808 | (Recovery Service for Windows) . (...) - C:\Windows\SMINST\BLService.exe
SR - | Auto 09/01/2007 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/10/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe

~ Services: Scanned in 00mn 10s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jean-luc at 13/01/2014 19:21:44

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13022 - (12/01/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 4

[HKLM\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb] =>PUP.TubeDimmer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] =>Adware.IMBooster
C:\Users\jean-luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb =>PUP.TubeDimmer^
C:\ProgramData\RHelpers =>PUP.SearchDonkey^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Program Files\vGrabber-software =>PUP.vGrabber
C:\Users\jean-luc\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Users\jean-luc\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit^
~ Additionnel Scan: 451512 Items scanned in 00mn 34s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer =>PUP.TubeDimmer
~ http://nicolascoolman.webs.com/apps/blog/show/38839825-pup-searchdonkey =>PUP.SearchDonkey
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
~ MSI: 7 link(s) detected in 00mn 34s



~ 1758 Legitimates filtered by white list
End of the scan (573 lines in 05mn 46s)(0)