Good evening,
Indeed, Jean-Pierre, I was the victim of a rogue; I didn't know what that was.
For Fill:
I don't have any cracks or keygens; my Windows Vista is legitimate.
I ran Malwarebytes again, no infected items, and the same with AdwCleaner.
Below is the ZHPDiag report:
Thanks in advance.
~ Rapport de ZHPDiag v2013.9.14.26 - Nicolas Coolman (14/09/2013)
~ Lancé par home (15/09/2013 18:40:13)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v29.0.1547.66
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RJ34F
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
Kaspersky PURE v9.1.0.124
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (40%) free of 151 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-HOME
~ User Name: home
~ All Users Names: home, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\home\AppData\Roaming\
~ %Desktop% : C:\Users\home\Desktop\
~ %Favorites% : C:\Users\home\Favorites\
~ %LocalAppData% : C:\Users\home\AppData\Local\
~ %StartMenu% : C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 151 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 67 Go of 146 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.21A5424935A32080A58DD40F2712212C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 10:52:44.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
~ Mes musiques (My Musics) : 1/77
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/200
~ Mes Documents (My Documents) : 2/5085
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 19s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3440]
[MD5.738C509C58B4551D923040B3C9AF479C] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416] [PID.3504]
[MD5.DBC3E8226BE6FE67FAE94025C80FE907] - (.TOSHIBA CORPORATION - ConfigFree(TM) Task tray menu.) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe [1056768] [PID.2556]
[MD5.CE87A83903854454C7CD4155087EBC93] - (.TOSHIBA Corporation. - HDMICtrlMan.exe.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe [716800] [PID.3700]
[MD5.A2B790F9A751F24F17967F9A5574186D] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760] [PID.2068]
[MD5.6E95474CB9E22BC9768EFA176C6A0A29] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2620]
[MD5.1439BEF04FB79753E22CC630BE390069] - (.Pas de propriétaire - fr.) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [430080] [PID.3300]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.928]
[MD5.039BED1F63A61D0D4CA807F2DE36F24A] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648] [PID.1776]
[MD5.5EA80B00E1F5931641E8B95A23B7342D] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe [278528] [PID.1548]
[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.3836]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.1756]
[MD5.F064D3DA9BCEC02D9782D39446603DCA] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager.) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe [405504] [PID.3492]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.4800]
[MD5.7013E5F3C17912647108DED4E98D4E12] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528] [PID.5740]
[MD5.BA0786EF85AA005F92DFC391264D6E7C] - (.Hewlett-Packard Co. - HPNetworkCommunicator.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe [643944] [PID.5952]
[MD5.D15FE044EF9776466FBA00D7FBD7B7B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7953408] [PID.4464]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5252]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.1048]
[MD5.26757A5A06C37EF44BE544EB7E98D9D3] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [643072] [PID.1260]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1528]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1472]
[MD5.596E452B5152EC9AFE8153D296459D2B] - (.TOSHIBA CORPORATION - Service of ConfigFree..) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960] [PID.2108]
[MD5.6E5B42219F1FE4A3D087D9D501E343D5] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992] [PID.2148]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2224]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2288]
[MD5.D955D5DE998DB2476BF0892BE3A96C26] - (.O2Micro International - O2 Flash Memory Service.) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536] [PID.2384]
[MD5.E47F35A87FF0DA38DEF37A0EB0C2D2DF] - (.TOSHIBA Corporation - TOSHIBA Navi Support Service.) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312] [PID.2632]
[MD5.C5AC715B65B01788ABC22D10749DDDD8] - (.TOSHIBA Corporation - TDCSrv Application.) -- C:\Windows\system32\TODDSrv.exe [129632] [PID.2652]
[MD5.DA6903958CBDC091FFCBBCA70CCFF34C] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [431456] [PID.2680]
[MD5.D785400C22135A12FE4E48CACBEE699D] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752] [PID.2720]
[MD5.22690DFFC7F2A18279A7A0489AA02BAC] - (.TOSHIBA Corporation - TosIPCSrv.exe.) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976] [PID.2788]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152] [PID.2828]
[MD5.CD5F291A1161F15896D1A4D63DAFF5DF] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.2964]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [amfclgbdpgndipgoegfpkkgobahigbcl] New Tab Page v.1.4 (Activé)
G2 - GCE: Preference [User Data\Default] [ejnmnhkgiphcaeefbaooconkceehicfi] DealPly Shopping v.3.5.0.0 (Activé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.4.5, (Désactivé)
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG SafeGuard v.15.4.0.5 (Désactivé)
~ Google Browser: 13 Legitimates Filtered in 00mn 11s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C3F96DA5-7330-4948-B99C-15FDB4035089} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: CB LCL.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
O4 - GS\Desktop [Public]: EcoFax.lnk . (.Fax - Fax.) -- C:\Program Files\OVH\EcoFax\Fax.exe
O4 - GS\Desktop [Public]: Pinnacle Studio 14.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
O4 - GS\Desktop [Public]: Systweak PhotoStudio.lnk . (...) -- C:\Program Files\Systweak\PhotoStudio2\PhotoStudio.exe (.not file.)
O4 - GS\Desktop [Public]: TOSHIBA DVD PLAYER.lnk . (.TOSHIBA Corporation - TOSHIBA DVD PLAYER.) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TosHDDVD.exe
O4 - GS\Desktop [Public]: Yahoo! Mail.lnk . (.Yahoo! Inc. - YMMAPI Module.) -- C:\Program Files\Yahoo!\Common\ymmapi.dll http://mail.yahoo.com =>Toolbar.Yahoo
O4 - GS\Program [Public]: Photo Story 3 for Windows.lnk . (.Microsoft Corp. - Photo Story 3 for Windows.) -- C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe
O4 - GS\Program [Public]: Yahoo! Mail.lnk . (.Yahoo! Inc. - YMMAPI Module.) -- C:\Program Files\Yahoo!\Common\ymmapi.dll http://mail.yahoo.com =>Toolbar.Yahoo
O4 - GS\Desktop [home]: ConvertMovie 5.0.lnk . (.http://movavi.com - movavi video converter.) -- C:\Program Files\ConvertMovie 5.0\ConvertMovie.exe
O4 - GS\Desktop [home]: Cubase Essential 5.lnk . (.Steinberg Media Technologies - Cubase Essential.) -- C:\Program Files\Steinberg\Cubase Essential 5\Cubase Essential 5.exe
O4 - GS\Desktop [home]: Disque E.lnk . (...) -- E:\
O4 - GS\Desktop [home]: FileZilla.lnk . (...) -- C:\Program Files\FileZilla\FileZilla.exe
O4 - GS\Desktop [home]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [home]: webcam.lnk . (...) -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
~ Global Startup: 67 Legitimates Filtered in 00mn 04s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: e-Carte Bleue LCL.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - HKLM\..\Run: [TPwrMain] . (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] . (...) -- C:\Windows\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HDMICtrlMan] . (.TOSHIBA Corporation. - HDMICtrlMan.exe.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [StartCCC] . (...) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe (.not file.)
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-961105498-2226889285-733739720-1000\..\Run: [TOSCDSPD] TOSCDSPD.exe
O4 - HKUS\S-1-5-21-961105498-2226889285-733739720-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-961105498-2226889285-733739720-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-961105498-2226889285-733739720-1000\..\Run: [HP Photosmart 5510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-961105498-2226889285-733739720-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\SmartPrint\smartprint.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\kbrd.ico
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} -- C:\Toshiba\Webshops\ebay.ico (.not file.)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} -- C:\Toshiba\Webshops\amazon.ico (.not file.)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F353A7-B7EB-4620-9C44-A97443539322}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F353A7-B7EB-4620-9C44-A97443539322}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{67F353A7-B7EB-4620-9C44-A97443539322}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{67F353A7-B7EB-4620-9C44-A97443539322}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\google\google~3\goec62~1.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4606] (...) -- C:\Users\home\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [LaunchApp] (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [{1B5E9A5C-0409-4D72-8CD8-ABB20406150C}] (...) -- F:\install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2D03B61D-A868-409D-B316-0087E52B2B25}] (...) -- C:\Windows\unvise32qt.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4277BF15-E111-4001-87EB-28449150525E}] (...) -- C:\Users\home\AppData\Roaming\Delivery\uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4C5C96D8-FD77-4965-A9CD-C8EB92376090}] (...) -- C:\Program Files\STEINB~1\MASTER~1\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{54106EED-1929-4852-B80B-6195A65EF691}] (...) -- C:\Program Files\Hide IP\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6DC65126-D1AB-48AA-8339-1238DA2AE7C4}] (...) -- C:\Program Files\Steinberg\Cubasis VST 4\Setupmme.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{808CD8F7-698D-4B90-8AF7-9A6066A572A0}] (...) -- C:\Program Files\STEINB~1\CUBASI~1\VSTPLU~1\UNINST~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{848BD075-976A-4FD2-A5F9-02CD83E52A08}] (...) -- C:\Program Files\STEINB~1\CUBASI~1\UNINST~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{938BDC0E-4083-4BD8-8A7A-5CD0971CDECD}] (...) -- C:\Program Files\Steinberg\Asio\Wpsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A14CBD84-1291-45FF-81FB-4934FF0662C2}] (...) -- F:\SETUP.exe (.not file.) [0]
[MD5.D58C39DF31181A602991B992151DE075] [APT] [{B4427CD0-536A-482B-83FD-7E53E8382D59}] (...) -- E:\logiciels\heroglyph-25-pinstudio.exe [85358920]
[MD5.00000000000000000000000000000000] [APT] [{CC0E6BB9-31DF-47AA-9C57-2A31FCDDAF4B}] (...) -- C:\Program Files\Hide IP\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA568136-6818-4CF0-82C8-5A4731D94A6C}] (...) -- C:\Program Files\STEINB~1\MASTER~1\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F9554197-879B-4BA2-A090-22BC916C41DA}] (...) -- C:\Users\home\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FD5F0636-3B42-4DA3-9A0E-2911065CCB67}] (...) -- C:\Windows\system32\QuickTime.cpl (.not file.) [0]
~ Scheduled Task: 94 Legitimates Filtered in 00mn 15s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: YahooYMailTo Class - {A17E30C4-A9BA-11D4-8673-60DB54C10000} . (.Yahoo! Inc. - YMMAPI Module.) -- C:\Program Files\Yahoo!\Common\ymmapi.dll =>Toolbar.Yahoo
O40 - ASIC: YMailAttach Class - {AA218328-0EA8-4D70-8972-E987A9190FF4} . (.Yahoo! Inc. - YMMAPI Module.) -- C:\Program Files\Yahoo!\Common\ymmapi.dll =>Toolbar.Yahoo
~ Active Setup: 18 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: ConvertMovie 5.0 - (.MOVAVI.) [HKLM] -- ConvertMovie 5.0
O42 - Logiciel: Jaquette.dot 2.1 - (.JulotSoft.) [HKLM] -- Jaquette.dot_is1
O42 - Logiciel: OVH EcoFax - (...) [HKLM] -- OVH EcoFax
~ Logic: 146 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\DefaultPackStatus]
[HKCU\Software\Football News App]
[HKCU\Software\IncrediMail]
[HKCU\Software\SHOUTcast]
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\moosware.net]
[HKCU\Software\ƒAƒvƒŠƒPü[ƒVƒ‡ƒ“ ƒEƒBƒUü[ƒh‚Åɶɬ‚³‚ꂽƒìü[ƒJƒ‹ ƒAƒvƒŠƒPü[ƒVƒ‡ƒ“]
[HKLM\Software\PandoBar]
[HKLM\Software\Updater By Sweetpacks] =>Adware.Boxore
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
~ Key Software: 262 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/08/2008 - 09:19:31 - [46,363] ----D C:\Program Files\BB
O43 - CFD: 28/07/2009 - 10:09:45 - [3,709] ----D C:\Program Files\ConvertMovie 5.0
O43 - CFD: 01/09/2013 - 12:57:20 - [0] ----D C:\Program Files\LemurLeap =>PUP.LemurLeap
O43 - CFD: 16/03/2012 - 13:13:15 - [18,525] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 27/11/2009 - 12:58:18 - [0,302] ----D C:\Program Files\Common Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 16/03/2012 - 10:48:57 - [0,004] ----D C:\ProgramData\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 30/09/2008 - 19:08:42 - [0] ----D C:\Users\home\AppData\Roaming\Deliver
O43 - CFD: 08/01/2011 - 18:11:37 - [0] ----D C:\Users\home\AppData\Roaming\WebRadioTools
O43 - CFD: 31/12/2012 - 10:55:31 - [0,001] ----D C:\Users\home\AppData\Local\Digital_Distribution
O43 - CFD: 03/03/2012 - 15:55:00 - [0] ----D C:\Users\home\AppData\Local\Yahoo =>Toolbar.Yahoo
O43 - CFD: 30/09/2008 - 23:02:43 - [4,384] ----D C:\Users\home\AppData\Local\{2A3A87EA-8F41-42C4-B71D-A6054BA116B3}
O43 - CFD: 29/08/2008 - 12:22:11 - [0,002] ----D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Band-in-a-Box
~ 39 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 315 Legitimates Filtered in 00mn 53s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.20C9DF804ACA0B7084D52C7957473300] - 15/09/2013 - 17:05:13 ---A- . (...) -- C:\Windows\System32\rpcnetp.dll [17408]
O44 - LFC:[MD5.B58500E322C2DE46EC898927B8B932EB] - 15/09/2013 - 17:04:59 ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408]
O44 - LFC:[MD5.02592B4A7A224BE03AF2B20FED055F94] - 11/09/2013 - 13:01:22 ---A- . (...) -- C:\Windows\album.ini [28]
O44 - LFC:[MD5.0F7E4DA36C8E2B5392F0D04C5475A12E] - 11/09/2013 - 13:01:22 ---A- . (...) -- C:\Windows\pstudio.ini [1420]
O44 - LFC:[MD5.8EDC9E6D4646348D4BD18A36E83FD39B] - 01/09/2013 - 12:18:06 ---A- . (...) -- C:\Windows\DPINST.LOG [292738]
~ Files: 38 Legitimates Filtered in 00mn 49s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7f3988d9-bb44-11de-9f84-001e685bcb3d}\AutoRun\command - Clé orpheline
O51 - MPSK:{7f3988dc-bb44-11de-9f84-001e685bcb3d}\AutoRun\command - Clé orpheline
O51 - MPSK:{86e9154a-4829-11dd-b86a-806e6f6e6963}\AutoRun\command. (...) -- F:\Player.exe (.not file.)
O51 - MPSK:{ad9a3627-bb3e-11de-b6ec-001e685bcb3d}\AutoRun\command - Clé orpheline
O51 - MPSK:{ad9a362f-bb3e-11de-b6ec-001e685bcb3d}\AutoRun\command - Clé orpheline
O51 - MPSK:{b66ba259-01bf-11df-adcf-c94499f4dc77}\AutoRun\command - Clé orpheline
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Desktop SMS [Key] . (...) -- C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Football News [Key] . (...) -- C:\Program Files\Football News App\Football News.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Pando [Key] . (...) -- C:\Program Files\Pando Networks\Pando\Pando.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Picasa Media Detector [Key] . (...) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe (.not file.)
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] - 16/09/2004 - 13:26:40 ---A- . (...) -- C:\Windows\System32\Drivers\ADFUUD.SYS [12634]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 79 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {A190CCD8-AAA3-48E4-9A89-8B3F18D9474E} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.027976FF04C80D40DA7EA5D50A5BDE6E] [SPRF][07/09/2008] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.5B916C6D5261705D5B104F1C67B6DBD6] [SPRF][23/02/2013] (...) -- C:\Users\home\AppData\Local\d3d9caps.dat [680]
[MD5.6E1799926209C193FDB2E05A271C5B49] [SPRF][01/09/2013] (...) -- C:\Users\home\AppData\Local\Temp\BackupSetup.exe [10340624]
[MD5.0B9C06FF408E5E250DFF249822347EB0] [SPRF][26/08/2013] (...) -- C:\Users\home\AppData\Local\Temp\defaultCache.reg [1409740]
[MD5.FBC207AD85D053D4FD9DD93C595D1A1D] [SPRF][15/09/2013] (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Users\home\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe [285455]
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][01/09/2013] (...) -- C:\Users\home\AppData\Local\Temp\NEventMessages.dll [1536]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\home\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.8287D0E6DA60B6E9153D7EDC2C322097] [SPRF][23/08/2013] (...) -- C:\Users\home\AppData\LocalLow\SkwConfig.bin [6876]
[MD5.720CBF9C4E60540122BED3EA8CC0EAAC] [SPRF][15/09/2013] (...) -- C:\Users\home\Desktop\adwcleaner.exe [1037278]
~ Files: 14 Legitimates Filtered in 00mn 05s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{643CBA70-E1E2-4676-ACB8-301C90FE8D61}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\lxdjcoms.exe (.not file.)
O87 - FAEL: "{4388310A-E2E3-4F72-976C-D343F5A86338}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\lxdjcoms.exe (.not file.)
O87 - FAEL: "{886B8679-EB98-4B6A-9443-51FEA3CEC517}" |In - Private - P6 - TRUE | .(...) -- C:\Users\home\AppData\Local\Temp\lxdj\wireless\FRENCH\lxdjwpss.exe (.not file.)
O87 - FAEL: "{0C1F939B-FCD4-424A-9DF6-30F28D972788}" |In - Private - P17 - TRUE | .(...) -- C:\Users\home\AppData\Local\Temp\lxdj\wireless\FRENCH\lxdjwpss.exe (.not file.)
O87 - FAEL: "{9D197C02-C0A0-4731-97B2-FFC2C31C9102}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe (.not file.)
O87 - FAEL: "{16726FA2-8910-4A90-8584-B68A370AC86C}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe (.not file.)
O87 - FAEL: "{52B16C34-87AE-4C28-BAD4-7BCBC877F8EE}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdjtime.exe (.not file.)
O87 - FAEL: "{D63C1A14-B55E-449C-8360-32BC7CA949A1}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdjtime.exe (.not file.)
O87 - FAEL: "TCP Query User{BF80B869-3626-4C1C-80B3-46174D71D99A}C:\program files\mediacoder\mediacoder.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\mediacoder\mediacoder.exe (.not file.)
O87 - FAEL: "UDP Query User{FD402232-4C9C-4FD9-B161-1AB85825FAD6}C:\program files\mediacoder\mediacoder.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\mediacoder\mediacoder.exe (.not file.)
O87 - FAEL: "{9A49A407-88A5-4BD7-9B5F-9FCC5B6C39C7}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{7FA82369-FEE3-4C53-AF09-D18B7E9B63C7}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{D3A4A823-1D12-4FF4-BE6C-99BAD3B00D95}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{FB498DDC-9E06-4645-ABD8-FFBC8C19171A}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "TCP Query User{77C40342-9A52-492D-BAAE-BCD280594AC9}C:\program files\hp\common\hpdevicedetection3.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\hp\common\hpdevicedetection3.exe (.not file.)
O87 - FAEL: "UDP Query User{2FD9628E-3D68-41AD-8A22-3F2A5A0AC0E0}C:\program files\hp\common\hpdevicedetection3.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\hp\common\hpdevicedetection3.exe (.not file.)
O87 - FAEL: "TCP Query User{1437F0AF-CEA0-47E9-A53F-28B6DE1D27C4}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P6 - TRUE | .(...) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "UDP Query User{FD176963-C2A9-4945-B8C7-F894A3B2B1D8}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P17 - TRUE | .(...) -- C:\xampp\mysql\bin\mysqld.exe
~ Firewall: 230 Legitimates Filtered in 00mn 02s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "86DA14F42F9826243AC2F2070BF1ECE9" . (.Photo Story 3 for Windows.) -- C:\Windows\Installer\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}\PhotoStory3_ICON
~ Update Products: 153 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CE385FEE7CC6033ECB346BED67F900DB] [WIS][18/02/2008] (.O2Micro - O2Micro Flash Memory Card Reader Driver.) -- C:\Windows\Installer\3c6fc.msi [419328]
[MD5.ACB61AB0E3640BEE1B87C187D8D44195] [WIS][13/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\79c54.msi [1615360]
~ WIS: 165 Legitimates Filtered in 00mn 14s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/01/2008 643072 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 01/10/2010 348760 | (AVP) . (.Kaspersky Lab.) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
SR - | Auto 25/12/2007 40960 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SS - | Demand 18/02/2008 1836544 | (GoogleDesktopManager) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Auto 28/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/12/2011 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 12/02/2007 65536 | (o2flash) . (.O2Micro International.) - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 12/05/2010 124368 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
SR - | Auto 21/01/2008 83312 | (TNaviSrv) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
SR - | Auto 21/11/2007 129632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 17/01/2008 431456 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
SR - | Auto 19/06/2009 144752 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 03/12/2007 126976 | (TOSHIBA SMART Log Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
SR - | Auto 23/08/2006 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/10/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 15s
---\\ Scan Additionnel (O88)
Database Version : 12917 - (14/09/2013)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 7
[HKLM\Software\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi] =>PUP.DealPly^
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files\LemurLeap =>PUP.LemurLeap^
C:\Program Files\Yahoo! =>Toolbar.Yahoo^
C:\Program Files\Common Files\Yahoo! =>Toolbar.Yahoo^
C:\ProgramData\Yahoo! =>Toolbar.Yahoo^
C:\Users\home\AppData\Local\Yahoo =>Toolbar.Yahoo^
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi =>PUP.DealPly^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\Program Files\Yahoo!\Common\ymmapi.dll =>Toolbar.Yahoo^
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKLM\Software\Updater By Sweetpacks] =>Adware.Boxore^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 337281 Items scanned in 00mn 47s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/32865753-pup-lemurleap =>PUP.LemurLeap
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 13 link(s) detected in 00mn 47s
~ 1521 Legitimates filtered by white list
End of the scan (608 lines in 04mn 37s)(0)