Sujet Précédent Sujet Suivant

Probleme avec windows vista

Fermé
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015 - 8 avril 2013 à 23:31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 - 12 avril 2013 à 17:38
Bonjour, àtous j'ai un problème avec vista ci joint un rapport ZHPDiag,si quelqu'un peut m'aider merci à lui.voici le rapport de scan ZHPDiagRapport de ZHPDiag v2013.4.5.28 par Nicolas Coolman, Update du 05/04/2013
Run by gab at 06/04/2013 01:00:30
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : 9QJXR
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 73 GB (64%) free of 112 GB

---\\ Logged in mode
~ Computer Name: PC-DE-GAB
~ User Name: gab
~ All Users Names: gab, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\gab\AppData\Roaming\
~ %Desktop% : C:\Users\gab\Desktop\
~ %Favorites% : C:\Users\gab\Favorites\
~ %LocalAppData% : C:\Users\gab\AppData\Local\
~ %StartMenu% : C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 73 Go of 112 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 04:30:21.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/612
~ Mes musiques (My Musics) : 1/45
~ Mes Videos (My Videos) : 1/11
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/36
~ Mon Bureau (My Desktop) : 1/25
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.BB13432FA552AFCE8A66BCB5EE85F652] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.1924] =>Toolbar.Babylon
[MD5.5F529FBB095CBC9F14BB1E97A7A6B547] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.4060]
[MD5.9AEF1107109189F955192D4B714B516C] - (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [90112] [PID.2100]
[MD5.D8A33AF26E4143F7A892009890BB6F64] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.844]
[MD5.766E24A20116AFA41F380B57FFE7AF02] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328] [PID.2436]
[MD5.34A3539B15A361F2A92E28C3124D148D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4251328] [PID.1376]
[MD5.0A61A3ACE26CA4FC637BC8AF8C05CC00] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.1740] =>PUP.SweetIM
[MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18643560] [PID.1756]
[MD5.734006A2DB2404138F2C1A2CB86D32EF] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.3068]
[MD5.4BAFEB055A5D44D69DAA437BAD787663] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe [90112] [PID.2060]
[MD5.6E5876A0BBCD9146A4DB62C68BB99EE6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6493184] [PID.1528]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3260]
[MD5.C1F19D2BACBEE9AB64D9AE69E9859AC0] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456] [PID.1064]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1396]
[MD5.01E80E1DE60650BC61E9A0A513B0DDD8] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.2044]
[MD5.891B795CBA240A9C2BAC13B8B5FC31D7] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [130304] [PID.224]
[MD5.7DB02C7ED0C79C40EC1D845691E98FF5] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [57344] [PID.2180]
[MD5.B4139011FADDBDAE615961548E75E5C5] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337] [PID.2332]
[MD5.F0F6BEE889236BB6D6A94560D7EEA2AC] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files\Online Games Manager\ogmservice.exe [559168] [PID.2736]
[MD5.627FA58ADC043704F9D14CA44340956F] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [360224] [PID.2832]
[MD5.E570ECA850F30EB740C2E9699DF3D2BD] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [295232] [PID.3768]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.3848]
~ Processes Running: Scanned in 00mn 10s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\gab\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\1hoelnf4.default\prefs.js
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\ruqve71n.default\prefs.js
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\prefs.js
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\user.js
M3 - MFPP: Plugins - [gab] -- C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\1hoelnf4.default\searchplugins\fbdownloader_search.xml
M3 - MFPP: Plugins - [gab] -- C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [gab] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.8.638.) -- C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.13.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3555.0308] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pages.tvunetworks.com/WebPlayer] - (.TVU networks - 2,5,3,1.) -- C:\Windows\system32\TVUAx\npTVUAx.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.19] - (.Veetle Inc - Version 0.9.19, Copyright 2006-2012 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.2] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.5] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
~ BHO: 4 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SystrayORAHSS] . (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3128661018-94020315-1220936078-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3128661018-94020315-1220936078-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Video Converter.lnk . (...) -- C:\Program Files\VideoConverter\VideoConverter.exe
~ Global Startup: Scanned in 00mn 04s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0143862B-E4BF-4E65-BB73-26ED67355D8A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{699F297B-C8BA-47A1-927A-F5904756D430}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{699F297B-C8BA-47A1-927A-F5904756D430}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: Online Games Manager (ogmservice) . (.RealNetworks, Inc. - Online Games Manager.) - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 8 Legitimates Scanned in 00mn 21s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedUpMyPC.job [242]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\spmonitor.job [320]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Test TimeTrigger.job [396]
[MD5.00000000000000000000000000000000] [APT] [SpeedUpMyPC] (...) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [spmonitor] (...) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Updater19962.exe] (...) -- C:\Users\gab\AppData\Local\Updater19962\Updater19962.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0A88E7C0-5A9E-4D9A-8355-98FD20FF1758}] (...) -- C:\Program Files\MakeHuman 0.9.1 RC1\uninstall.exe (.not file.) [0]
[MD5.06623A1845FF79E5088D98F8A234F2D1] [APT] [{1054502C-02AB-4AD6-A793-BFBF21480251}] (.Apple Computer, Inc..) -- C:\Windows\system32\QuickTime.cpl [202240]
[MD5.60106EBB64BE0CA658A3CC843214A78B] [APT] [{584176B7-4568-4CDE-BC64-1A013299BED1}] (.Intel Corporation.) -- C:\Windows\system32\igfxcpl.cpl [122880]
[MD5.F73246900E717D7524BD7E0FC40A12B2] [APT] [{5A859366-DFA7-4F06-9522-60048BD2A8AD}] (.France Telecom SA.) -- C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe [28672]
[MD5.00000000000000000000000000000000] [APT] [{5C5545CD-2120-49AA-A06B-7DF00E2C01A4}] (...) -- C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl" -c Adobe Gamma (.not file.) [0]
~ Scheduled Task: 24 Legitimates Scanned in 00mn 06s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 14 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 40 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: Bundled software uninstaller - (...) [HKLM] -- bi_uninstaller
O42 - Logiciel: Celtx (2.9) - (.Greyfirst.) [HKLM] -- Celtx (2.9)
O42 - Logiciel: EZdrummer - (.Toontrack.) [HKLM] -- {43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}
O42 - Logiciel: Online Games Manager v1.20 - (.Real Networks, Inc..) [HKLM] -- Online Games Manager
O42 - Logiciel: Pack Tux XP 3.0 - (.Bricomix.) [HKLM] -- Pack Tux XP
O42 - Logiciel: SweetIM Bundle by SweetPacks - (.SweetPacks LTD.) [HKLM] -- SweetIM Bundle by SweetPacks =>PUP.SweetIM
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {A0C9DF2B-89B5-4483-8983-18A68200F1B4} =>PUP.SweetIM
O42 - Logiciel: SweetPacks Toolbar For Firefox 1.11.0.2 - (...) [HKLM] -- {EEE6C374-6118-11DC-9C72-001320C79847} =>PUP.SweetIM
O42 - Logiciel: SweetPacks Updater - (...) [HKLM] -- WNLT =>PUP.SweetIM
O42 - Logiciel: avast! Free Antivirus v7.0.1455.0 - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: fTalk - (.Koyote-Lab Inc.) [HKCU] -- fTalk
~ Logic: 86 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5a6dfdeb63ce415]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\BI]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\CodeStuff]
[HKCU\Software\DXTransform]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\PerformerSoft]
[HKCU\Software\Sarbakan]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Sonalksis]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\VidFilters]
[HKCU\Software\WNLT]
[HKCU\Software\Worldweaver]
[HKCU\Software\delta LTD]
[HKCU\Software\perforce]
[HKLM\Software\5a6dfdeb63ce415]
[HKLM\Software\BD Inc]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Busps]
[HKLM\Software\Cinos]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DomaIQ]
[HKLM\Software\Greyfirst]
[HKLM\Software\Hemera Technologies Inc.]
[HKLM\Software\IncrediMail]
[HKLM\Software\Kjaerhus Audio]
[HKLM\Software\PerformerSoft]
[HKLM\Software\Supreme Savings]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\TG Byte Software]
[HKLM\Software\Thomson]
[HKLM\Software\Worldweaver]
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
[HKLM\Software\greyfirst.ca]
[HKLM\Software\woohook]
~ Key Software: 223 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/02/2011 - 11:28:05 - [42,569] ----D C:\Program Files\Celtx
O43 - CFD: 08/09/2010 - 06:46:04 - [1,229] ----D C:\Program Files\CodeStuff
O43 - CFD: 04/04/2013 - 19:17:36 - [0,041] ----D C:\Program Files\DomaIQ Uninstaller
O43 - CFD: 22/02/2013 - 11:32:30 - [0,063] ----D C:\Program Files\Driver Restore
O43 - CFD: 19/10/2010 - 08:42:26 - [0,001] ----D C:\Program Files\FaceMorpher Lite
O43 - CFD: 01/04/2013 - 01:01:52 - [0,577] ----D C:\Program Files\Online Games Manager
O43 - CFD: 09/02/2013 - 16:45:33 - [0,000] ----D C:\Program Files\PokerStars
O43 - CFD: 06/03/2010 - 14:52:56 - [0,000] ----D C:\Program Files\Sonik Synth 2 Free
O43 - CFD: 09/03/2013 - 23:01:23 - [4,909] ----D C:\Program Files\SweetIM =>PUP.SweetIM
O43 - CFD: 09/03/2013 - 23:00:21 - [0,359] ----D C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 05/12/2009 - 17:17:05 - [2,961] ----D C:\Program Files\Timeworks
O43 - CFD: 23/09/2012 - 19:25:18 - [13,520] ----D C:\Program Files\VideoConverter
O43 - CFD: 15/02/2013 - 20:07:23 - [0,017] ----D C:\Program Files\Whodeletedme
O43 - CFD: 24/03/2013 - 17:38:19 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 03/04/2013 - 12:56:27 - [8,209] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 09/03/2013 - 23:00:44 - [0,245] ----D C:\ProgramData\SweetIM =>PUP.SweetIM
O43 - CFD: 06/07/2012 - 09:05:27 - [1,000] ----D C:\ProgramData\{8EEE9C00-5B20-48B7-9329-7BA2CEEB18B2}
O43 - CFD: 12/08/2012 - 19:03:58 - [0] ----D C:\ProgramData\????????????????????????????????
O43 - CFD: 14/08/2012 - 13:51:35 - [0] ----D C:\ProgramData\?Í?Í1
O43 - CFD: 14/08/2012 - 19:42:26 - [0] ----D C:\ProgramData\?Ô?Ô1
O43 - CFD: 13/08/2012 - 13:09:49 - [0] ----D C:\ProgramData\????1
O43 - CFD: 13/08/2012 - 20:32:45 - [0] ----D C:\ProgramData\????1
O43 - CFD: 15/08/2012 - 12:54:22 - [0] ----D C:\ProgramData\????1
O43 - CFD: 15/08/2012 - 00:00:51 - [0] ----D C:\ProgramData\????1
O43 - CFD: 03/04/2013 - 12:54:17 - [0,009] ----D C:\Users\gab\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 12/01/2010 - 16:13:41 - [0,002] ----D C:\Users\gab\AppData\Roaming\Blue Cat Audio
O43 - CFD: 23/10/2009 - 10:06:35 - [0,001] ----D C:\Users\gab\AppData\Roaming\dcunningham.net
O43 - CFD: 21/02/2011 - 11:28:58 - [8,550] ----D C:\Users\gab\AppData\Roaming\Greyfirst
O43 - CFD: 04/01/2010 - 14:21:47 - [0,000] ----D C:\Users\gab\AppData\Roaming\Openworld Learning
O43 - CFD: 10/02/2013 - 01:43:36 - [0,047] ----D C:\Users\gab\AppData\Roaming\PerformerSoft
O43 - CFD: 05/09/2009 - 11:56:54 - [0,035] ----D C:\Users\gab\AppData\Roaming\Pirateville
O43 - CFD: 05/10/2010 - 11:00:08 - [0,004] ----D C:\Users\gab\AppData\Roaming\Stykz
O43 - CFD: 15/10/2010 - 09:32:28 - [0] ----D C:\Users\gab\AppData\Local\._Revolution_
O43 - CFD: 09/03/2013 - 23:08:27 - [0,428] ----D C:\Users\gab\AppData\Local\Bundled software uninstaller
O43 - CFD: 21/02/2011 - 11:28:58 - [3,484] ----D C:\Users\gab\AppData\Local\Greyfirst
O43 - CFD: 12/12/2012 - 11:59:45 - [0] ----D C:\Users\gab\AppData\Local\Ludi
O43 - CFD: 17/03/2013 - 23:35:09 - [0,000] ----D C:\Users\gab\AppData\Local\rencontreshard
O43 - CFD: 03/04/2013 - 19:42:32 - [0] ----D C:\Users\gab\AppData\Local\Supreme Savings
O43 - CFD: 03/04/2013 - 12:56:40 - [0,001] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 15/02/2013 - 20:34:56 - [0,002] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeStuff Starter
O43 - CFD: 27/04/2010 - 19:09:28 - [0] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Media Plugin
O43 - CFD: 19/10/2010 - 08:50:49 - [0] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Packs
O43 - CFD: 08/09/2010 - 06:49:31 - [0,002] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
O43 - CFD: 05/12/2009 - 17:17:05 - [0] ----D C:\Users\gab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Timeworks
~ 62 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 308 Legitimates Scanned in 00mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.85D17ABC76035D9F33FC47F068097C86] - 01/04/2013 - 22:54:45 ---A- . (...) -- C:\Windows\System32\QuickTime.qtp [352]
O44 - LFC:[MD5.351677F04B3DC84937FBFA20CD6E958D] - 27/02/2013 - 12:21:38 ---A- . (...) -- C:\Windows\System32\ImHttpComm.dll [28160]
~ Files: 36 Legitimates Scanned in 00mn 14s



---\\ Export de clé d'application autorisée (O47)
~ Keys Export: 1 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{009e9704-be21-11de-9b8a-001eec4c8d76}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{3e122391-74ca-11de-9f46-001eec4c8d76}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{9ba234c1-da4e-11de-bca1-001eec4c8d76}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{d52a1b71-73c6-11de-97fc-001eec4c8d76}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"VIDC.CFHD"="cfhd.dll" . (.CineForm Inc. - CineForm VFW CODEC.) -- C:\Windows\System32\cfhd.dll
O52 - TDSD: \drivers.desc\"cfhd.dll"="Codec CineForm HD VFW" . (.CineForm Inc. - CineForm VFW CODEC.) -- C:\Windows\System32\cfhd.dll
~ TDSD: 7 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 130 Legitimates Scanned in 00mn 18s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [gab - ruqve71n.default] user_pref("extensions.crossrider.bic", "139f44f8f1934c80c7920f6c713f2599"); =>PUP.CrossRider
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=1017001FE2A7A91A"); =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.crossrider.bic", "13dcf8bef5b8344a88eaba7936a80cf0"); =>PUP.CrossRider
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.bbDpng", "3");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.hdrMd5", "40E87F75823456273CECCC3FC445D3B0");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.id", "1017208d000000000000001fe2a7a91a");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.instlDay", "15798");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.lastVrsnTs", "1.8.10.012:55:40");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.vrsnTs", "1.8.10.012:55:40");
O69 - SBI: prefs.js [gab - yi276baa.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {218023DC-DB9B-406C-ADBE-78D784AAAE81} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 31 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.AA4A8AD48D7A4DCE9E04C305DC158A74] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.1188.bin [739]
[MD5.897B373F3A95E6E79196CCB29C4F1EFE] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.1500.bin [37460]
[MD5.335D04B167C28EEAAD04FE58975C4A6E] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.272.bin [10223]
[MD5.834A12E9DF90C09E141195086476ACAB] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.2968.bin [739]
[MD5.035F83A462E62E69DF52E8640A54DDA6] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.3752.bin [2202]
[MD5.9A1BA39A6BCE89253C0058F6605DBC22] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.3816.bin [3932]
[MD5.7AE6ABAEE437A73391CAB1346F504DEC] [SPRF][19/05/2012] (...) -- C:\ProgramData\1337429325.4092.bin [2796]
[MD5.C8510796D287E7AC8823536E89982AAC] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.1036.bin [3932]
[MD5.78435E05C64B0036EF0670294D31179B] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.1612.bin [14227]
[MD5.51427B7D1539AEFA3EF5B8FD92708D96] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.2164.bin [28826]
[MD5.91966A79026C8793B2A9FB25E2F96923] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.2804.bin [4276]
[MD5.887803B4742F4348D394258EC082D5C9] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.2820.bin [48303]
[MD5.7AFF8B0835A907436AF4D793B30DBFD4] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.3048.bin [739]
[MD5.9A22DD06030A478788BB1FC6FCE20CC3] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.4056.bin [6197]
[MD5.B319BE1D56EAD59FA38F30E7932009F0] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.4660.bin [33461]
[MD5.30CDAFC407690D9FA8AD98735EB285EB] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.4780.bin [9761]
[MD5.BC9D9896BFB2FAC0472E756FB60F596D] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337697766.5840.bin [739]
[MD5.55B97CC5D269334FE575FCD734E4BE5C] [SPRF][22/05/2012] (...) -- C:\ProgramData\1337703717.bdinstall.bin [427669]
[MD5.BF25C72D37FD91804847CC6C1670105E] [SPRF][19/07/2009] (...) -- C:\Users\gab\AppData\Local\d3d8caps.dat [552]
[MD5.F81260A2C28E6FCC457BFF9837221CA5] [SPRF][05/04/2013] (...) -- C:\Users\gab\AppData\Local\d3d9caps.dat [6648]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 224 Legitimates Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11459 - (05/04/2013)
Clés trouvées (Keys found) : 88
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 2

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}] =>PUP.SweetIM
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM
[HKLM\Software\Classes\sim-packages] =>Toolbar.Agent
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM
[HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}] =>PUP.SpecialSavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\SweetIM Bundle by SweetPacks] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:sweetIM =>PUP.SweetIM
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon
C:\Program Files\SweetIM =>PUP.SweetIM
C:\Program Files\DomaIQ Uninstaller =>Toolbar.IncrediMail
C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\SweetIM =>PUP.SweetIM
C:\Users\gab\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\gab\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
C:\Users\gab\AppData\Local\Supreme Savings =>PUP.RewardsArcade
C:\Users\gab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph =>Adware.GamePlayLabs
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\bprotector_prefs.js =>PUP.BProtector
~ Additionnel: Scanned in 00mn 45s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "82AF1148D23D8154290FF3DB087A20CB" . (.Sony Vegas 7.0.) -- C:\Windows\Installer\{8411FA28-D32D-4518-92F0-3FBD80A702BC}\vegas70.ico
O90 - PUC: "C6AC1E831212C5B43A5AB0003097E4FF" . (.Sony Media Manager 2.2.) -- C:\Windows\Installer\{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}\mediamgr.ico
~ Update Products: 66 Legitimates Scanned in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\5a6dfdeb63ce415] =>Toolbar.Babylon^
[HKCU\Software\5a6dfdeb63ce415]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5a6dfdeb63ce415]:version="2.6.1125.80"
[HKLM\Software\5a6dfdeb63ce415] =>Toolbar.Babylon^
[HKLM\Software\5a6dfdeb63ce415]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\5a6dfdeb63ce415]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 08/10/2010 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 14/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 04/07/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 04/07/2012 130304 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SR - | Auto 12/12/2006 57344 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
SS - | Auto 07/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 12/03/2013 559168 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SR - | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



~ 1183 Legitimates filtered by white list
End of the scan (788 lines in 03mn 02s)(0)



A voir également:

11 réponses

Réponse 1 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
9 avril 2013 à 15:51
Bonjour,

Il faudrait que tu décrives les symptômes su problèmes que tu rencontres.
De plus il na faut pas poster le rapport ZHPDiag dans ta réponse. Il est trop long. Il est préférable de l'héberger.

Ton ordinateur est infecté par plusieurs logiciels publicitaires... Pour éviter ce genre de problème :
- Ne télécharge aucun programme proposé dans des publicités ou sur des sites suspects. A noter que certains sites connus comme O1net, Softronic, Tuto4PC, etc modifient parfois les programmes proposés au téléchargement pour y ajouter des logiciels publicitaires ==> Préfère toujours le téléchargement directement sur le site de l'éditeur.
- Au cours de l'installation d'un programme gratuit, lis bien attentivement et décoche tous les programmes additionnels qui sont proposés, en particulier les barres d'outils.
Pour ton information lis ces dossier sur les Programmes Potentiellement Indésirables et Les Barres d'Outils ce n'est pas obligatoires

Tout d'abord désinstalle ces programmes:

- BrowserProtect
- Bundled software uninstaller
- SweetIM Bundle by SweetPacks
- SweetIM for Messenger 3.7
- SweetPacks Toolbar For Firefox
- SweetPacks Updater

Ensuite tu vas faire ceci:

- Télécharge sur ton bureau AdwCleaner de Xplode
- Lance AdwCleaner
- Clique sur[Suppression]. Sauvegarde tout travail en cours puis accepte la fermeture des programmes en cours d'exécution.
- Patiente le temps du nettoyage.
- Une fois le scan fini, il te sera proposé de redémarrer.
- Au redémarrage du PC, un rapport s'ouvrira. Poste le contenu dans ta prochaine réponse.
- Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

Smart
0
Réponse 2 / 11
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015
10 avril 2013 à 22:15
bonsoir Smart ,question bette je les trouve ou ces programmes à desinstaller ,je ne les trouves pas dans le paneau de configuration?
voila les symptomes que j'ai sur mon ordi,trés lent au démarrage,tres lent pour s'arétertrés lent en recherche,quat il trou quelques fois il me met deux voire trois fois le mème programme en superposé,ou alors il affiche le programme ne répond pas j'ai reussi a régler quelques un des problémes ma il enreste encore.
j'ai fait une recherche avec resolution des problèmes et avec fixit ça m'a affiché ça,Microsoft windows search Filt ne répond pas et Search Indexer exe a arrété Search Protocol Host.exe par ce qu'il semble ètre bloqué.j'ai utilisé CCleaner et Glary Utiliti ça a un peu régle certains problèmes.MERCI de t'ètre penché sur mes problèmes à +
Nemausus
0
Réponse 3 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
10 avril 2013 à 22:38
Passe ADwCleaner comme je l'ai indiqué et poste le rapport

Smart
0
Réponse 4 / 11
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015
10 avril 2013 à 22:54
voila le rapport Adw Cleaner,jespère avoir fait les bonnes manipulations.
# AdwCleaner v2.200 - Rapport créé le 10/04/2013 à 22:39:42
# Mis à jour le 02/04/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Nom d'utilisateur : gab - PC-DE-GAB
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\gab\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\DomaIQ Uninstaller
Dossier Supprimé : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Dossier Supprimé : C:\Program Files\Optimizer Pro
Dossier Supprimé : C:\Program Files\SweetIM
Dossier Supprimé : C:\Program Files\sweetpacks bundle uninstaller
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\BrowserProtect
Dossier Supprimé : C:\ProgramData\SweetIM
Dossier Supprimé : C:\Users\gab\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\gab\AppData\Local\Supreme Savings
Dossier Supprimé : C:\Users\gab\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\gab\AppData\Roaming\PerformerSoft
Dossier Supprimé : C:\Users\gab\AppData\Roaming\StatusWinks
Dossier Supprimé : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Dossier Supprimé : C:\Windows\system32\WNLT
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Fichier Supprimé : C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\1hoelnf4.default\searchplugins\fbdownloader_search.xml
Fichier Supprimé : C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\searchplugins\delta.xml
Fichier Supprimé : C:\Windows\system32\ImhxxpComm.dll

***** [Registre] *****

Clé Supprimée : HKCU\Software\5a6dfdeb63ce415
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\delta LTD
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKCU\Software\PerformerSoft
Clé Supprimée : HKCU\Software\SmartBar
Clé Supprimée : HKCU\Software\WNLT
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Clé Supprimée : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\sim-packages
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\DomaIQ
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Clé Supprimée : HKLM\Software\PerformerSoft
Clé Supprimée : HKLM\Software\WNLT
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16470

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=1017001FE2A7A91A --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0 (fr)

Fichier : C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\1hoelnf4.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\ruqve71n.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\prefs.js

C:\Users\gab\AppData\Roaming\Mozilla\Firefox\Profiles\yi276baa.default\user.js ... Supprimé !

Supprimée : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntr[...]
Supprimée : user_pref("avg.install.userSPSettings", "Delta Search");
Supprimée : user_pref("extensions.delta.admin", false);
Supprimée : user_pref("extensions.delta.aflt", "babsst");
Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Supprimée : user_pref("extensions.delta.autoRvrt", "false");
Supprimée : user_pref("extensions.delta.bbDpng", "3");
Supprimée : user_pref("extensions.delta.cntry", "FR");
Supprimée : user_pref("extensions.delta.dfltLng", "en");
Supprimée : user_pref("extensions.delta.excTlbr", false);
Supprimée : user_pref("extensions.delta.hdrMd5", "40E87F75823456273CECCC3FC445D3B0");
Supprimée : user_pref("extensions.delta.id", "1017208d000000000000001fe2a7a91a");
Supprimée : user_pref("extensions.delta.instlDay", "15798");
Supprimée : user_pref("extensions.delta.instlRef", "sst");
Supprimée : user_pref("extensions.delta.lastVrsnTs", "1.8.10.012:55:40");
Supprimée : user_pref("extensions.delta.newTab", false);
Supprimée : user_pref("extensions.delta.prdct", "delta");
Supprimée : user_pref("extensions.delta.prtnrId", "delta");
Supprimée : user_pref("extensions.delta.rvrt", "false");
Supprimée : user_pref("extensions.delta.sg", "azb");
Supprimée : user_pref("extensions.delta.smplGrp", "none");
Supprimée : user_pref("extensions.delta.tlbrId", "base");
Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
Supprimée : user_pref("extensions.delta.vrsn", "1.8.10.0");
Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.10.012:55:40");
Supprimée : user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v26.0.1410.64

Fichier : C:\Users\gab\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.2202] : homepage = "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=1017001FE2A7A91A",
Supprimée [l.2345] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId[...]

*************************

AdwCleaner[R1].txt - [13463 octets] - [10/04/2013 22:36:46]
AdwCleaner[R2].txt - [13524 octets] - [10/04/2013 22:39:08]
AdwCleaner[S1].txt - [13550 octets] - [10/04/2013 22:39:42]

########## EOF - C:\AdwCleaner[S1].txt - [13611 octets] ##########
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
10 avril 2013 à 23:59
OK. Maintenant tu vas faire ceci:

* Télécharge et installe Malwarebytes
* A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
* Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme). C'est très important
* Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet puis "Rechercher"
* Ne t'inquiète pas, l'analyse peut durer plusieurs heures en fonction du nombre de fichiers et infections à analyser
* A la fin de l'analyse, clique sur "Afficher les résultats"
* Coche tous les éléments détectés puis clique sur "Supprimer la sélection"
* Enregistre le rapport
* S'il t'est demandé de redémarrer l'ordinateur, clique sur Yes
* Un rapport apparait après la suppression : poste le dans ta prochaine réponse.

Smart
0
Réponse 6 / 11
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015
11 avril 2013 à 08:47
bonjour voici le rapport MBAM àplus
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.04.10.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
gab :: PC-DE-GAB [administrateur]

11/04/2013 01:34:34
mbam-log-2013-04-11 (01-34-34).txt

Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 299135
Temps écoulé: 1 heure(s), 39 minute(s), 20 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
0
Réponse 7 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
11 avril 2013 à 09:39
Relance ZHPDiag, clique sur la flèche verte pour installer la mise à jour.
Clique sur la loupe avec un "+" pour faire un scan.

- Pour transmettre le rapport clique sur ce lien: http://pjjoint.malekal.com/
- Clique sur Parcourir et cherche le répertoire C:\ZHP
- Sélectionne le fichier ZHPDiag.txt. puis clique sur "Ouvrir"
- Ensuite Clique sur "Envoyer le fichier".
- Copie le lien obtenu dans ta réponse.


Ne copie pas le rapport dans ta réonse

Smùart
0
Réponse 8 / 11
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015
11 avril 2013 à 11:29
desolé mais ZHPDiag ne répond pas j'essrai ce soir caprice de mon ordinateur
0
Réponse 9 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
11 avril 2013 à 14:56
Surprenant. On verra ce soir

Smart
0
Réponse 10 / 11
nemausus30 Messages postés 176 Date d'inscription jeudi 6 septembre 2012 Statut Membre Dernière intervention 25 juin 2015
11 avril 2013 à 20:40
bonsoir smart ça y est voici le lien ça à été long mais j'y suis arrivé.
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130411_t7r5n13o15
0
Réponse 11 / 11
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
12 avril 2013 à 17:38
Il n'y a aucun fichier associé au lien que tu as donné

Smart
0