Sujet Précédent Sujet Suivant

Hijack this.....

Résolu/Fermé
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013 - 5 avril 2013 à 09:33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 - 10 avril 2013 à 10:54
Bonjour,

Je crois avoir un pc, infecté de virus.
Je viens de faire un rapport avec hijackthis, mais j'ai peur d'effacer un peu tout et n'importe quoi sachant que je ne suis pas une experte en la matière
Est ce que quelqu'un pourrait il m'aider a supprimer correctement ce que je dois supprimer, afin de rendre mon pc plus performant.

Je suis sous Windows 8

Merci



31 réponses

  • 1
  • 2
Réponse 1 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 10:07
Bonjour,

On va faire un diagnostic plus poussé de ton PC:

Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions.

/!\Utilisateurs de Vista, Windows 7 et Windows 8 : Clique droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur »

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.
- Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer.
- Si tu possèdes Avast 6 ou 7 comme antivirus, à l'alerte choisis "lancer normalement"
- Si tu obtiens le message "Voulez-vous autoriser le programme suivant..." tu réponds Oui
(/!\L'outil a créé 2 icônes ZHPDiag et ZHPFix)
- Clique sur la loupe avec le "+" pour lancer l'analyse.
- Laisse l'outil travailler, il peut être assez long.
- Ferme ZHPDiag en fin d'analyse.
- Pour transmettre le rapport clique sur ce lien: http://pjjoint.malekal.com/
- Clique sur Parcourir et cherche le répertoire C:\ZHP
- Sélectionne le fichier ZHPDiag.txt. puis clique sur "Ouvrir"
- Ensuite Clique sur "Envoyer le fichier".
- Copie le lien obtenu dans ta réponse.

Smart
1
Réponse 2 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 10:13
Merci

je fais ca de suite puis je reviens
0
Réponse 3 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 10:30
OK. :-)

Smart
0
Réponse 4 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 10:38
Alors voici le lien

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130405_n5j15x5v8y13
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 12:02
Tout d'abord désinstalle Spybot, il ne sert à rien et ne fait que ralentir ton PC
Évite de télécharger des cracks et/ou keygen, lis ce dossier ci-dessous:
Les dangers des cr@cks

J'ai vu que tu avais déjà passé AdwCleaner en mode suppression
Peux poster le contenu de ces rapports
C:\AdwCleaner[S1].txt
C:\AdwCleaner[S2].txt

Smart
0
Réponse 6 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 13:10
erci pour le lien j'irai voir ca de plus près ;) ;)

Spybot est désinstaller

C :\AdwCleaner [1].txt

# AdwCleaner v2.109 - Rapport créé le 02/02/2013 à 12:27:01
# Mis à jour le 26/01/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : nadege - NADÈGE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\nadege\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : Application Updater
Arrêté & Supprimé : WajamUpdater

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\Application Updater
Dossier Supprimé : C:\Program Files (x86)\Babylon
Dossier Supprimé : C:\Program Files (x86)\Common Files\spigot
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Program Files (x86)\Giant Savings
Dossier Supprimé : C:\Program Files (x86)\Nosibay
Dossier Supprimé : C:\Program Files (x86)\PriceGong
Dossier Supprimé : C:\Program Files (x86)\Software
Dossier Supprimé : C:\Program Files (x86)\SweetIM
Dossier Supprimé : C:\Program Files (x86)\Wajam
Dossier Supprimé : C:\Program Files\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Dossier Supprimé : C:\ProgramData\Software
Dossier Supprimé : C:\ProgramData\SweetIM
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Users\nadege\AppData\Local\Conduit
Dossier Supprimé : C:\Users\nadege\AppData\Local\Giant Savings
Dossier Supprimé : C:\Users\nadege\AppData\Local\Software
Dossier Supprimé : C:\Users\nadege\AppData\Local\Wajam
Dossier Supprimé : C:\Users\nadege\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\nadege\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\nadege\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\nadege\AppData\LocalLow\Search Settings
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\2YourFace
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\CT2851639
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\extensions\crossriderapp4479@crossrider.com
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\Smartbar
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\SweetPacksToolbarData
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\pdfforge
Dossier Supprimé : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Dossier Supprimé : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Fichier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\searchplugins\babylon1.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\2YourFace
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Giant Savings
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\Search Settings
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Search Settings
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Wajam
Clé Supprimée : HKCU\Software\aeded9b36fbd46
Clé Supprimée : HKLM\Software\Application Updater
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Clé Supprimée : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Clé Supprimée : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Clé Supprimée : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Clé Supprimée : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\sim-packages
Clé Supprimée : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Clé Supprimée : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Clé Supprimée : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2851639
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Clé Supprimée : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Clé Supprimée : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\Software\PIP
Clé Supprimée : HKLM\Software\Search Settings
Clé Supprimée : HKLM\Software\Wajam
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\aeded9b36fbd46
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Tarma Installer
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@2yourface.com]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v18.0.1 (fr)

Fichier : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js

C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\user.js ... Supprimé !

Supprimée : user_pref("CT2851639.1000082.isDisplayHidden", "true");
Supprimée : user_pref("CT2851639.1000082.isPlayDisplay", "true");
Supprimée : user_pref("CT2851639.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Supprimée : user_pref("CT2851639.1000234.TWC_TMP_city", "");
Supprimée : user_pref("CT2851639.1000234.TWC_TMP_country", "FR");
Supprimée : user_pref("CT2851639.1000234.TWC_locId", "USNY0996");
Supprimée : user_pref("CT2851639.1000234.TWC_location", "New York, NY");
Supprimée : user_pref("CT2851639.1000234.TWC_region", "FR");
Supprimée : user_pref("CT2851639.1000234.TWC_temp_dis", "C");
Supprimée : user_pref("CT2851639.1000234.TWC_wind_dis", "kmh");
Supprimée : user_pref("CT2851639.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"13ÃfÆ'Ã+â€(TM)Ãf†Ã[...]
Supprimée : user_pref("CT2851639.CBOpenMAMSettings.enc", "MA==");
Supprimée : user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Supprimée : user_pref("CT2851639.FirstTime", "true");
Supprimée : user_pref("CT2851639.FirstTimeFF3", "true");
Supprimée : user_pref("CT2851639.LoginRevertSettingsEnabled", true);
Supprimée : user_pref("CT2851639.PairingKey.enc", "NjA0QTlFMkY4ODAzNDY0N0Y2NjlCN0JBRUJGMzM0QzIxREQ0QzY4OA==");
Supprimée : user_pref("CT2851639.RevertSettingsEnabled", true);
Supprimée : user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Supprimée : user_pref("CT2851639.UserID", "UN92285067861822764");
Supprimée : user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
Supprimée : user_pref("CT2851639.autoDisableScopes", -1);
Supprimée : user_pref("CT2851639.browser.search.defaultthis.engineName", true);
Supprimée : user_pref("CT2851639.cbcountry_001.enc", "RlI=");
Supprimée : user_pref("CT2851639.cbfirsttime.enc", "RnJpIE5vdiAyMyAyMDEyIDE4OjM4OjAwIEdNVCswMTAw");
Supprimée : user_pref("CT2851639.defaultSearch", "true");
Supprimée : user_pref("CT2851639.enableAlerts", "always");
Supprimée : user_pref("CT2851639.enableFix404ByUser", "FALSE");
Supprimée : user_pref("CT2851639.enableSearchFromAddressBar", "true");
Supprimée : user_pref("CT2851639.firstTimeDialogOpened", "true");
Supprimée : user_pref("CT2851639.fixPageNotFoundError", "true");
Supprimée : user_pref("CT2851639.fixPageNotFoundErrorByUser", "true");
Supprimée : user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
Supprimée : user_pref("CT2851639.fixUrls", true);
Supprimée : user_pref("CT2851639.homepageuserchanged", true);
Supprimée : user_pref("CT2851639.installType", "xpe");
Supprimée : user_pref("CT2851639.isCheckedStartAsHidden", true);
Supprimée : user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.isFirstTimeToolbarLoading", "false");
Supprimée : user_pref("CT2851639.isNewTabEnabled", true);
Supprimée : user_pref("CT2851639.isPerformedSmartBarTransition", "true");
Supprimée : user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Supprimée : user_pref("CT2851639.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.keyword", true);
Supprimée : user_pref("CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Supprimée : user_pref("CT2851639.lastVersion", "10.14.42.7");
Supprimée : user_pref("CT2851639.migrateAppsAndComponents", true);
Supprimée : user_pref("CT2851639.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.google.fr%2[...]
Supprimée : user_pref("CT2851639.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.openThankYouPage", "true");
Supprimée : user_pref("CT2851639.openUninstallPage", "false");
Supprimée : user_pref("CT2851639.revertSettingsEnabled", "false");
Supprimée : user_pref("CT2851639.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Supprimée : user_pref("CT2851639.search.searchAppId", "129351529700743801");
Supprimée : user_pref("CT2851639.search.searchCount", "2");
Supprimée : user_pref("CT2851639.searchInNewTabEnabledByUser", "true");
Supprimée : user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
Supprimée : user_pref("CT2851639.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Supprimée : user_pref("CT2851639.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359477848139");
Supprimée : user_pref("CT2851639.serviceLayer_services_appsMetadata_lastUpdate", "1359564248056");
Supprimée : user_pref("CT2851639.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359308622338");
Supprimée : user_pref("CT2851639.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358344451161");
Supprimée : user_pref("CT2851639.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359634399879");
Supprimée : user_pref("CT2851639.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359793058668");
Supprimée : user_pref("CT2851639.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359308622459");
Supprimée : user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1359564248308");
Supprimée : user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1359751092992");
Supprimée : user_pref("CT2851639.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359308622231");
Supprimée : user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1359793058593");
Supprimée : user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1359751093612");
Supprimée : user_pref("CT2851639.settingsINI", true);
Supprimée : user_pref("CT2851639.shouldFirstTimeDialog", "false");
Supprimée : user_pref("CT2851639.smartbar.CTID", "CT2851639");
Supprimée : user_pref("CT2851639.smartbar.Uninstall", "0");
Supprimée : user_pref("CT2851639.smartbar.homepage", true);
Supprimée : user_pref("CT2851639.smartbar.isHidden", false);
Supprimée : user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR ");
Supprimée : user_pref("CT2851639.startPage", "userChanged");
Supprimée : user_pref("CT2851639.toolbarBornServerTime", "23-11-2012");
Supprimée : user_pref("CT2851639.toolbarCurrentServerTime", "2-2-2013");
Supprimée : user_pref("CT2851639.uTTorrents.enc", "eyJidWlsZCI6Mjg3MDUsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjZEOTk4Q[...]
Supprimée : user_pref("CT2851639.url_history0001.enc", "bWFnbmV0Oj94dD11cm46YnRpaDoyMjFjN2NkOGViOWZjOTM2YjkwMTli[...]
Supprimée : user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Supprimée : user_pref("Smartbar.ConduitHomepagesList", "");
Supprimée : user_pref("Smartbar.ConduitSearchEngineList", "");
Supprimée : user_pref("Smartbar.ConduitSearchUrlList", "");
Supprimée : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851639");
Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Supprimée : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Supprimée : user_pref("extensions.BabylonToolbar.excTlbr", false);
Supprimée : user_pref("extensions.BabylonToolbar.id", "a8007ca700000000000016e543a410d3");
Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15691");
Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar.rvrt", "false");
Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Supprimée : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113357&tt=5112_8");
Supprimée : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false);
Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.915:57:16");
Supprimée : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CU[...]
Supprimée : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2851639&SearchSource=13[...]
Supprimée : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Supprimée : user_pref("smartbar.machineId", "A1LWUFVOJJEJ8GUHWZLFATUKMOAKSV2LL10MPJGHZM18SEYP70PBLMISR8CATAOYE6B[...]
Supprimée : user_pref("smartbar.originalHomepage", "hxxp://google.fr/");
Supprimée : user_pref("smartbar.originalSearchAddressUrl", "");
Supprimée : user_pref("smartbar.originalSearchEngine", false);
Supprimée : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Supprimée : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Supprimée : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Supprimée : user_pref("sweetim.toolbar.Visibility.enable", "true");
Supprimée : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Supprimée : user_pref("sweetim.toolbar.cargo", "3.1010000.00000");
Supprimée : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Supprimée : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Supprimée : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Supprimée : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Supprimée : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Supprimée : user_pref("sweetim.toolbar.mode.debug", "false");
Supprimée : user_pref("sweetim.toolbar.newtab.created", "false");
Supprimée : user_pref("sweetim.toolbar.newtab.enable", "true");
Supprimée : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Supprimée : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Supprimée : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Supprimée : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Supprimée : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Supprimée : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Supprimée : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Supprimée : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Supprimée : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Supprimée : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.2.callback", "");
Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Supprimée : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Supprimée : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Supprimée : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Supprimée : user_pref("sweetim.toolbar.search.history.capacity", "10");
Supprimée : user_pref("sweetim.toolbar.searchguard.enable", "false");
Supprimée : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Supprimée : user_pref("sweetim.toolbar.simapp_id", "{018999B6-6B0B-11E2-BEB5-4C72B98E2D19}");
Supprimée : user_pref("sweetim.toolbar.version", "1.9.0.0");

*************************

AdwCleaner[R1].txt - [32342 octets] - [02/02/2013 12:26:21]
AdwCleaner[S1].txt - [32716 octets] - [02/02/2013 12:27:01]

########## EOF - C:\AdwCleaner[S1].txt - [32777 octets] ##########









C:\AdwCleaner[S2].txt


# AdwCleaner v2.109 - Rapport créé le 02/02/2013 à 13:00:47
# Mis à jour le 26/01/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : nadege - NADÈGE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\nadege\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v18.0.1 (fr)

Fichier : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [32342 octets] - [02/02/2013 12:26:21]
AdwCleaner[R2].txt - [1053 octets] - [02/02/2013 12:59:17]
AdwCleaner[R3].txt - [1054 octets] - [02/02/2013 12:59:29]
AdwCleaner[S1].txt - [32829 octets] - [02/02/2013 12:27:01]
AdwCleaner[S2].txt - [989 octets] - [02/02/2013 13:00:47]

########## EOF - C:\AdwCleaner[S2].txt - [1048 octets] ##########



# AdwCleaner v2.109 - Rapport créé le 02/02/2013 à 13:00:47
# Mis à jour le 26/01/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : nadege - NADÈGE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\nadege\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v18.0.1 (fr)

Fichier : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [32342 octets] - [02/02/2013 12:26:21]
AdwCleaner[R2].txt - [1053 octets] - [02/02/2013 12:59:17]
AdwCleaner[R3].txt - [1054 octets] - [02/02/2013 12:59:29]
AdwCleaner[S1].txt - [32829 octets] - [02/02/2013 12:27:01]
AdwCleaner[S2].txt - [989 octets] - [02/02/2013 13:00:47]

########## EOF - C:\AdwCleaner[S2].txt - [1048 octets] ##########



Désolé, mais j'ai pas su faire autrement que l'afficher sur le forum.

;)
0
Réponse 7 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 14:10
Ton ordinateur est infecté par plusieurs logiciels publicitaires... Pour éviter ce genre de problème :
- Ne télécharge aucun programme proposé dans des publicités ou sur des sites suspects. A noter que certains sites connus comme O1net, Softronic, Tuto4PC, etc modifient parfois les programmes proposés au téléchargement pour y ajouter des logiciels publicitaires ==> Préfère toujours le téléchargement directement sur le site de l'éditeur.
- Au cours de l'installation d'un programme gratuit, lis bien attentivement et décoche tous les programmes additionnels qui sont proposés, en particulier les barres d'outils.
Pour ton information lis ces dossier sur les Programmes Potentiellement Indésirables et Les Barres d'Outils ce n'est pas obligatoires

Poste celui-ci également
C:\AdwCleaner[S3].txt

Smart
0
Réponse 8 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 14:39
Whouaaaa que de choses a lire....Merci pour ces liens à lire j'espère ne plus me faire avoir à l'avenir.
Oui j'avoue telecharger via 01net ou clubic ect ect.

:)

C:\AdwCleaner[S3].txt

# AdwCleaner v2.109 - Rapport créé le 05/04/2013 à 07:00:53
# Mis à jour le 26/01/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : nadege - NADÈGE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\nadege\Documents\Logiciels\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\Optimizer Pro
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Dossier Supprimé : C:\Users\nadege\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Dossier Supprimé : C:\Users\nadege\AppData\Roaming\Optimizer Pro
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Search Settings
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Optimizer Pro
Clé Supprimée : HKCU\Software\aeded9b36fbd46
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js

C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\user.js ... Supprimé !

Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true);
Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=120518&babsrc[...]

*************************

AdwCleaner[R1].txt - [32342 octets] - [02/02/2013 13:26:21]
AdwCleaner[R2].txt - [1053 octets] - [02/02/2013 13:59:17]
AdwCleaner[R3].txt - [1054 octets] - [02/02/2013 13:59:29]
AdwCleaner[R4].txt - [2591 octets] - [05/04/2013 07:00:18]
AdwCleaner[S1].txt - [32829 octets] - [02/02/2013 13:27:01]
AdwCleaner[S2].txt - [1117 octets] - [02/02/2013 14:00:47]
AdwCleaner[S3].txt - [2492 octets] - [05/04/2013 07:00:53]

########## EOF - C:\AdwCleaner[S3].txt - [2552 octets] ##########
0
Réponse 9 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
Modifié par Smart91 le 5/04/2013 à 15:26
Ta version d'adwCleaner n'est pas à jour, J'aurais dû le voir avant
Relance AdwCleaner et choisis désinstaller.
Ensuite télécharge le depuis ce lien:
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

Relance le en mode suppression et poste le rapport

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
0
Réponse 10 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 15:54
Voici le rapport !


# AdwCleaner v2.200 - Rapport créé le 05/04/2013 à 15:47:13
# Mis à jour le 02/04/2013 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : nadege - NADÈGE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\nadege\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\Supreme Savings
Dossier Supprimé : C:\Users\nadege\AppData\Local\PackageAware
Fichier Supprimé : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\searchplugins\delta.xml

***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js

Supprimée : user_pref("browser.search.selectedEngine", "Delta Search");
Supprimée : user_pref("extensions.delta.admin", false);
Supprimée : user_pref("extensions.delta.aflt", "babsst");
Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Supprimée : user_pref("extensions.delta.autoRvrt", "false");
Supprimée : user_pref("extensions.delta.dfltLng", "en");
Supprimée : user_pref("extensions.delta.excTlbr", false);
Supprimée : user_pref("extensions.delta.id", "a8007ca700000000000016e543a410d3");
Supprimée : user_pref("extensions.delta.instlDay", "15772");
Supprimée : user_pref("extensions.delta.instlRef", "sst");
Supprimée : user_pref("extensions.delta.newTab", false);
Supprimée : user_pref("extensions.delta.prdct", "delta");
Supprimée : user_pref("extensions.delta.prtnrId", "delta");
Supprimée : user_pref("extensions.delta.rvrt", "false");
Supprimée : user_pref("extensions.delta.smplGrp", "none");
Supprimée : user_pref("extensions.delta.tlbrId", "base");
Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
Supprimée : user_pref("extensions.delta.vrsn", "1.8.10.0");
Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.10.09:37:42");
Supprimée : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[S1].txt - [2632 octets] - [05/04/2013 15:47:13]

########## EOF - C:\AdwCleaner[S1].txt - [2692 octets] ##########
0
Réponse 11 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 16:07
OK. Maintenant tu vas faire ceci:

* Télécharge et installe Malwarebytes
* A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
* Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme). C'est très important
* Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet puis "Rechercher"
* Ne t'inquiète pas, l'analyse peut durer plusieurs heures en fonction du nombre de fichiers et infections à analyser
* A la fin de l'analyse, clique sur "Afficher les résultats"
* Coche tous les éléments détectés puis clique sur "Supprimer la sélection"
* Enregistre le rapport
* S'il t'est demandé de redémarrer l'ordinateur, clique sur Yes
* Un rapport apparait après la suppression : poste le dans ta prochaine réponse.

Smart
0
Réponse 12 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 16:23
Ok super !!!!!! merci beaucoup ;)

Bon si j'ai bien compris, je posterai pas un nouveau message au moins avant demain matin lol.

Je vais suivre pas à pas tes recommandations puis je te tiendrais au courant, et je posterai le rapport.

Merci encore une fois pour cette aide

cordialement

Nadège
0
Réponse 13 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 16:50
OK. A demain ou peut-être à tout à l'heure, cela dépend du scan MBAM :-)

Smart
0
Réponse 14 / 31
nadege1976 Messages postés 12 Date d'inscription dimanche 24 juin 2012 Statut Membre Dernière intervention 5 avril 2013
5 avril 2013 à 18:12
Ben finalement cela a été bien plus rapide que c e que je pensai ;)

Le rapport, le voici ;)


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.04.05.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
nadege :: NADÈGE [administrateur]

05/04/2013 16:22:09
mbam-log-2013-04-05 (16-22-09).txt

Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 377049
Temps écoulé: 1 heure(s), 15 minute(s), 43 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
0
Réponse 15 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
5 avril 2013 à 19:48
Refais un scan ZHPDiag et poste le rapport via pjjoint

Smart
0
Réponse 16 / 31
nadege1976
8 avril 2013 à 16:36
Bonjour,

Me re-voila.

Je post donc le rapport, désolé pour ne pas l'avoir poster avant, c'est la faute du week end lol ;)
J'éspère que tu es toujours la, et que tu pourras regarder mon rapport?!!!
Cordialement !
Nadège.

Rapport de ZHPDiag v2013.4.4.17 par Nicolas Coolman, Update du 04/04/2013
Run by nadege at 08/04/2013 16:24:40
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16519
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 4M2MG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3658 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 393 GB (87%) free of 448 GB

---\\ Logged in mode
~ Computer Name: NADÈGE
~ User Name: nadege
~ All Users Names: nadege, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\nadege\AppData\Roaming\
~ %Desktop% : C:\Users\nadege\Desktop\
~ %Favorites% : C:\Users\nadege\Favorites\
~ %LocalAppData% : C:\Users\nadege\AppData\Local\
~ %StartMenu% : C:\Users\nadege\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 393 Go of 448 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2769AF459DDA7140B73227C31DCE61BD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/02/2013 - 23:39:47.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/675
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 2/180
~ Mon Bureau (My Desktop) : 7/198
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.3884]
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.2884]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.2420]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.2628]
[MD5.CC94B2146C58DBD29976AEE9F841E2BA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6471680] [PID.4572]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js
M3 - MFPP: Plugins - [nadege] -- C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\searchplugins\utorrentbarfr-customized-web-search.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo.xml
M0 - MFSP: prefs.js [nadege - wfchkby5.default] http://www.google.fr
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (6, 7, 0, 4) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll
~ BHO: 5 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Agenda.url . (...) -- C:\Documents And Settings\nadege\Desktop\Agenda.url
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Gmail.URL . (...) -- C:\Documents And Settings\nadege\Desktop\Gmail.URL
O4 - GS\Desktop: HP Officejet 5600 series - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Météo 12 jours.URL . (...) -- C:\Documents And Settings\nadege\Desktop\Météo 12 jours.URL
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBF4675-2E0B-4BAE-BB19-9FD41889B630}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9D611D2-4A6F-4168-BF28-9583C27D99C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BBBF4675-2E0B-4BAE-BB19-9FD41889B630}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F9D611D2-4A6F-4168-BF28-9583C27D99C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) . (.SurfRight B.V. - HitmanPro Scheduler.) - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) . (.Dritek System INC. - RfBtnSvc Application.) - C:\Windows\RfBtnSvc64.exe
~ Services: 13 Legitimates Scanned in 01mn 07s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 2 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [314]
[MD5.A35F3BCC83B932F0F50571F7B12632DF] [APT] [ALU] (...) -- C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [3331216]
[MD5.BD0BA490E0300E859DB99DA3AB024371] [APT] [ALUAgent] (...) -- C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [39568]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe (.not file.) [0]
[MD5.A05EACA4BAA606947B948B3EE213F8D1] [APT] [Power Management] (.Acer Incorporated.) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [5294736]
[MD5.00000000000000000000000000000000] [APT] [{87D2E17E-20EE-44E3-96F7-FA1B1F4B0F7B}] (...) -- C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe (.not file.) [0] =>Toolbar.Tarma
~ Scheduled Task: 12 Legitimates Scanned in 00mn 28s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 9 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (aswFW) . (.AVAST Software - avast! Filtering TDI driver.) - C:\Windows\system32\drivers\aswFW.sys
~ Drivers: 40 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: EBP Auto-entrepreneur Pratic Open Line 2013 5.0 - (.EBP.) [HKLM][64Bits] -- EBP Auto-entrepreneur Pratic Open Line 2013 5.0
O42 - Logiciel: Light Image Resizer 4.4.1.4 - (.ObviousIdea.) [HKLM][64Bits] -- {EBE030DD-D404-4D92-85E9-8C3624820808}_is1
O42 - Logiciel: avast! Internet Security v8.0.1483.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 85 Legitimates Scanned in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Supreme Savings]
[HKCU\Software\BitTorrent]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\DomaIQ]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 181 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/01/2013 - 17:53:27 - [5,086] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 05/04/2013 - 12:47:29 - [1,294] ----D C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 12/12/2012 - 10:53:19 - [0,924] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 31/01/2013 - 13:03:36 - [15,522] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 18/01/2013 - 17:25:48 - [304,757] --H-D C:\ProgramData\{43B55ACB-A031-4DC3-AA95-8492F35E13ED}
O43 - CFD: 18/01/2013 - 17:23:01 - [10,667] --H-D C:\ProgramData\{DD7CFB04-42B1-4737-ACA3-D31B857C0687}
O43 - CFD: 31/10/2012 - 19:58:21 - [0,261] ----D C:\Users\nadege\AppData\Roaming\lm
O43 - CFD: 17/12/2012 - 17:24:52 - [0,001] ----D C:\Users\nadege\AppData\Roaming\PDF Pro 10
O43 - CFD: 07/04/2013 - 09:54:34 - [2,657] ----D C:\Users\nadege\AppData\Roaming\uTorrent
O43 - CFD: 18/01/2013 - 17:36:04 - [0] ----D C:\Users\nadege\AppData\Local\Stimulsoft
O43 - CFD: 18/01/2013 - 17:36:17 - [0] ----D C:\Users\nadege\AppData\Local\StimulsoftReportsResources
~ Program Folder: 158 Legitimates Scanned in 00mn 43s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5C32CBFDFD2EF7F0A0A08DFE03CD0EFA] - 05/04/2013 - 14:47:40 ---A- . (...) -- C:\AdwCleaner[S1].txt [2761]
O44 - LFC:[MD5.1582578921B738B981596C0AFF2A109B] - 05/04/2013 - 08:55:34 ---A- . (...) -- C:\UsbFix [Clean 2] NADÈGE.txt [8028]
O44 - LFC:[MD5.38E0F1C28DC1280D82A0A50EB68E0F31] - 05/04/2013 - 08:48:08 ----- . (...) -- C:\UsbFix [Scan 1] NADÈGE.txt [6667]
~ Files: 123 Legitimates Scanned in 00mn 33s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.296A08CB3CAA48C8B06ED42EA3F1C145] - 01/04/2013 - 08:22:32 ---A- - C:\Windows\Prefetch\HPPSDR.EXE-58D6C017.pf
O45 - LFCP:[MD5.1A85C6BF2157C34EEB7CE66DC49E7A0C] - 01/04/2013 - 08:25:03 ---A- - C:\Windows\Prefetch\HPDIAGNOSTICCOREUI.EXE-E552A55F.pf
O45 - LFCP:[MD5.EDD24B2C88D1A9070596C423D641CD63] - 01/04/2013 - 16:30:17 ---A- - C:\Windows\Prefetch\NETPLWIZ.EXE-AFF278BB.pf
O45 - LFCP:[MD5.784386D4277B0000B8F9F5B2CBB715B1] - 01/04/2013 - 16:31:42 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.D1F083C7BA5AD288FF1AD21E7A1C647F] - 02/04/2013 - 15:03:12 ---A- - C:\Windows\Prefetch\TCT-NEIGE.EXE-6B9FD2B2.pf
O45 - LFCP:[MD5.F6A10257763C2C030A4278D4CD091717] - 03/04/2013 - 12:48:49 ---A- - C:\Windows\Prefetch\OPTPROREMINDER.EXE-EBA8C8D1.pf
O45 - LFCP:[MD5.1036ABC652EEE04CB6F09E7FDF6C4227] - 05/04/2013 - 05:55:53 ---A- - C:\Windows\Prefetch\RESIZE.EXE-5E7A1952.pf
O45 - LFCP:[MD5.3150301929F443DB3495CF28F7AFD4DF] - 05/04/2013 - 05:58:44 ---A- - C:\Windows\Prefetch\ONENOTE.EXE-7A7C97BB.pf
O45 - LFCP:[MD5.D5FF4D47FE7A52550600A0040922D332] - 05/04/2013 - 05:59:44 ---A- - C:\Windows\Prefetch\MSHTA.EXE-ED0DFDDF.pf
O45 - LFCP:[MD5.7AEF3A95DB8DFC388C93ECFBCA28EF82] - 05/04/2013 - 08:14:42 ---A- - C:\Windows\Prefetch\SPYBOTSD2(3).TMP-247BC9BF.pf
O45 - LFCP:[MD5.869208AB6A3399F15AED2745B1EBF0F5] - 05/04/2013 - 08:14:42 ---A- - C:\Windows\Prefetch\SPYBOTSD2(3).TMP-F66703A0.pf
O45 - LFCP:[MD5.A2776ABEFA0A270724C4F1E33C01F84E] - 05/04/2013 - 08:21:23 ---A- - C:\Windows\Prefetch\SPYBOT_SEARCH_DESTROY_2_27_03-E4458552.pf
O45 - LFCP:[MD5.71CD7DB7A8EC7F445E7D9D426D5D658C] - 05/04/2013 - 08:21:27 ---A- - C:\Windows\Prefetch\SPYBOT_SEARCH_DESTROY_2_27_03-FD61A110.pf
O45 - LFCP:[MD5.92E4CA4CD4D34323A643CB964DB56B2D] - 05/04/2013 - 08:48:44 ---A- - C:\Windows\Prefetch\GIMP-2.8.EXE-C510E11E.pf
O45 - LFCP:[MD5.138F720FCA9954F1812AEC708265B669] - 05/04/2013 - 08:59:34 ---A- - C:\Windows\Prefetch\GO.EXE-34414F70.pf
O45 - LFCP:[MD5.11BC958D69F528F4AF525C7BA29B06D3] - 05/04/2013 - 09:19:58 ---A- - C:\Windows\Prefetch\UNINS000.EXE-6B3C5C94.pf
O45 - LFCP:[MD5.9BA09BE41F779698646A412FE4BD1FA7] - 05/04/2013 - 10:44:30 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.B8A70977BF3BB2C12DBCF303832FC415] - 05/04/2013 - 11:45:40 ---A- - C:\Windows\Prefetch\UNINS000.EXE-7905E4F2.pf
O45 - LFCP:[MD5.4511DFBD0A33618CCA318CFE2AA01BA7] - 05/04/2013 - 12:21:39 ---A- - C:\Windows\Prefetch\IDCARD.EXE-3E87601F.pf
O45 - LFCP:[MD5.CBD798631E89F9AF72071FCEAB250714] - 05/04/2013 - 15:13:22 ---A- - C:\Windows\Prefetch\UNINS000.EXE-B2F9B9B1.pf
O45 - LFCP:[MD5.BDAFD2DFCC4EEBB6BDBF8BB3E38A1D12] - 05/04/2013 - 15:13:25 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53C840C8.pf
O45 - LFCP:[MD5.D7AB4885CD96ED753531713307A081DF] - 05/04/2013 - 19:43:02 ---A- - C:\Windows\Prefetch\TWITTER-WIN8.EXE-E9757E8E.pf
O45 - LFCP:[MD5.F5C293ECF1A907BD72FA248FC187F269] - 06/04/2013 - 06:57:05 ---A- - C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-353D57C0.pf
O45 - LFCP:[MD5.C5679B1E8C49AA0D87B094E08D5EE5E0] - 06/04/2013 - 06:58:35 ---A- - C:\Windows\Prefetch\EBP.INVOICING.APPLICATION.EXE-8384E454.pf
O45 - LFCP:[MD5.DA9F440906DC221EA470FD99115F514B] - 06/04/2013 - 07:04:08 ---A- - C:\Windows\Prefetch\EBP.WEBCLIENT.EXE-2AFB847A.pf
O45 - LFCP:[MD5.0845B0B3D1C1C2C3EBF6B191C9C96659] - 06/04/2013 - 20:23:30 ---A- - C:\Windows\Prefetch\LIVECOMM.EXE-C9701AA1.pf
O45 - LFCP:[MD5.6F72A9D6BCC11CA15940A1466D570A78] - 07/04/2013 - 07:36:32 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-2E583999.pf
O45 - LFCP:[MD5.7A2E581C5E694059F67E09E16259BF34] - 07/04/2013 - 11:55:32 ---A- - C:\Windows\Prefetch\RFBTNSVC64.EXE-4CA3F3BE.pf
O45 - LFCP:[MD5.30A541D2166384AA4B07D30CB9781625] - 07/04/2013 - 20:32:58 ---A- - C:\Windows\Prefetch\EPOWERBUTTON.EXE-80D380BE.pf
O45 - LFCP:[MD5.078C34DC74A6F865B9783C36D56A749A] - 08/04/2013 - 14:30:34 ---A- - C:\Windows\Prefetch\RICONMAN.EXE-D63AD6B8.pf
O45 - LFCP:[MD5.38A886096328E3589FD77EBDAE8CE8DD] - 08/04/2013 - 14:33:12 ---A- - C:\Windows\Prefetch\HITMANPRO.EXE-EC5CE514.pf
O45 - LFCP:[MD5.D268CD6805610DE1163C5BDB48280F30] - 08/04/2013 - 14:33:12 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf
O45 - LFCP:[MD5.A396C208C511D945B72F4EBA07BD0CDB] - 08/04/2013 - 14:35:54 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.9CDF99978BAE79B3FA97BD75ED0E4596] - 08/04/2013 - 15:15:01 ---A- - C:\Windows\Prefetch\DKRUN32.EXE-8583E6AC.pf
O45 - LFCP:[MD5.9AD7ABA66083C68E97F16093F375FDF7] - 08/04/2013 - 15:15:10 ---A- - C:\Windows\Prefetch\LMANAGER.EXE-49876884.pf
O45 - LFCP:[MD5.090D8A3FCDA08B4B703F760B9A365AEF] - 08/04/2013 - 15:22:36 ---A- - C:\Windows\Prefetch\MMDX64FX.EXE-4C9473D7.pf
O45 - LFCP:[MD5.0AFBAD3FD466381E2B113B5686A2CFE4] - 08/04/2013 - 15:22:38 ---A- - C:\Windows\Prefetch\HD-LOGROTATOR.EXE-AAB4E25E.pf
O45 - LFCP:[MD5.96CC29B608CAC71C8E0BFAB036331F89] - 08/04/2013 - 15:26:05 ---A- - C:\Windows\Prefetch\EPOWERSVC.EXE-76E124E6.pf
O45 - LFCP:[MD5.CE94E3DC6C24DFE2FBE98C13D20BBA12] - 08/04/2013 - 15:26:41 ---A- - C:\Windows\Prefetch\SETAPM.EXE-9D9BA1F2.pf
O45 - LFCP:[MD5.CC11E1DA67C3BD4F04B11DAE64215121] - 09/03/2013 - 09:16:08 ---A- - C:\Windows\Prefetch\GIMP-2.8.4-SETUP.TMP-15731882.pf
O45 - LFCP:[MD5.F0DC5B5925D6B5CD702FCD7B0D262E21] - 09/03/2013 - 09:16:10 ---A- - C:\Windows\Prefetch\GIMP-2.8.4-SETUP.TMP-1014D41C.pf
O45 - LFCP:[MD5.A498561B80D36E3ECC382FAA345BA3B6] - 09/03/2013 - 09:21:21 ---A- - C:\Windows\Prefetch\GIMP-2.8.2-SETUP-1.TMP-CF66C8F2.pf
O45 - LFCP:[MD5.61B4CE3BD12E04F07A560E6D392E0C4C] - 27/03/2013 - 09:02:08 ---A- - C:\Windows\Prefetch\LIGHT_IMAGE_RESIZER4_SETUP_SO-73180A1D.pf
O45 - LFCP:[MD5.4876687896C4F4BD111F9E8478F05812] - 27/03/2013 - 09:02:10 ---A- - C:\Windows\Prefetch\LIGHT_IMAGE_RESIZER4_SETUP_SO-3AE36651.pf
O45 - LFCP:[MD5.7198C63DC3AD101841F63B131422B0BA] - 31/03/2013 - 12:49:19 ---A- - C:\Windows\Prefetch\PICKERHOST.EXE-03F09186.pf
~ Prefetcher: 222 Legitimates Scanned in 00mn 04s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 19 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
~ MWPE Keys: 7 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 05:28:19 ---A- C:\Users\nadege\AppData\Roaming\Thunderbird\Crash Reports\InstallTime20130328110546 [10]
O61 - LFC: 05/04/2013 - 05:28:26 ---A- C:\Users\nadege\AppData\Local\Thunderbird\Mozilla Thunderbird\active-update.xml [57]
O61 - LFC: 05/04/2013 - 05:28:27 ---A- C:\Users\nadege\AppData\Local\Thunderbird\Mozilla Thunderbird\updates.xml [4577]
O61 - LFC: 05/04/2013 - 05:47:17 -SHA- C:\Users\nadege\Documents\aviva 17.01.13\Thumbs.db [47104]
O61 - LFC: 05/04/2013 - 05:48:12 -SHA- C:\Users\nadege\Documents\SITE INTERNET\GOOGLE DOCS\etude de marche aout 2012\Thumbs.db [89600]
O61 - LFC: 05/04/2013 - 05:58:43 ---A- C:\Users\nadege\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat [196488]
O61 - LFC: 05/04/2013 - 08:20:35 ---A- C:\Users\nadege\Downloads\spybot_search_destroy_2_27_03_2013_fr_10965.exe [55454464]
O61 - LFC: 05/04/2013 - 08:42:21 ---A- C:\Users\nadege\Downloads\UsbFix.exe [1024813]
O61 - LFC: 05/04/2013 - 08:48:35 ---A- C:\Users\nadege\.gimp-2.8\themerc [355]
O61 - LFC: 05/04/2013 - 08:48:46 ---A- C:\Users\nadege\.gimp-2.8\pluginrc [277770]
O61 - LFC: 05/04/2013 - 08:51:13 ---A- C:\Users\nadege\.gimp-2.8\colorrc [739]
O61 - LFC: 05/04/2013 - 08:51:13 ---A- C:\Users\nadege\.gimp-2.8\controllerrc [1863]
O61 - LFC: 05/04/2013 - 08:51:13 ---A- C:\Users\nadege\.gimp-2.8\dockrc [1124]
O61 - LFC: 05/04/2013 - 08:51:13 ---A- C:\Users\nadege\.gimp-2.8\menurc [72513]
O61 - LFC: 05/04/2013 - 08:51:13 ---A- C:\Users\nadege\.gimp-2.8\sessionrc [821]
O61 - LFC: 05/04/2013 - 08:51:14 ---A- C:\Users\nadege\.gimp-2.8\toolrc [3996]
O61 - LFC: 05/04/2013 - 08:51:15 ---A- C:\Users\nadege\.gimp-2.8\parasiterc [102]
O61 - LFC: 05/04/2013 - 08:51:15 ---A- C:\Users\nadege\.gimp-2.8\tags.xml [34247]
O61 - LFC: 05/04/2013 - 08:51:15 ---A- C:\Users\nadege\.gimp-2.8\templaterc [4817]
O61 - LFC: 05/04/2013 - 08:51:15 ---A- C:\Users\nadege\.gimp-2.8\unitrc [1178]
O61 - LFC: 05/04/2013 - 14:46:44 ---A- C:\Users\nadege\Downloads\adwcleaner.exe [613083]
O61 - LFC: 05/04/2013 - 15:14:20 ---A- C:\Users\nadege\Downloads\mbam-setup-1.70.0.1100.exe [10156344]
O61 - LFC: 06/04/2013 - 06:58:46 ---A- C:\Users\nadege\AppData\Local\EBP\Invoicing5.0FR03\Info.xml [231]
O61 - LFC: 07/04/2013 - 07:36:27 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dlimagecache\1D67A7A87EE6B20D306B59AC55A6F73A9A1D3540 [37532]
O61 - LFC: 07/04/2013 - 08:06:22 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\settings.dat.old [103300]
O61 - LFC: 07/04/2013 - 08:36:22 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\settings.dat [103309]
O61 - LFC: 07/04/2013 - 08:47:54 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 07/04/2013 - 08:52:33 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\resume.dat.old [138920]
O61 - LFC: 07/04/2013 - 08:52:59 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dht_feed.dat [2]
O61 - LFC: 07/04/2013 - 08:54:34 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\resume.dat [137984]
~ 9 Fichiers temporaires (Temporary files)
~ Files: 1208 Legitimates Scanned in 02mn 49s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {CBDC6EAF-A75F-42B2-AF86-7BCFD5227B58} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 34 Legitimates Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{10CD693B-E6B9-4432-A5A1-D83B48189770}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{F960B88E-3FBC-4039-B7EC-A1ED7A59AAB2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "TCP Query User{FF114904-12AA-4B28-8A17-E17245E6C8A1}C:\windows\kmsemulator.exe" | In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "UDP Query User{BD56F3FE-59FC-46FD-B837-992806E07759}C:\windows\kmsemulator.exe" | In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
~ Firewall: 223 Legitimates Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11417 - (04/04/2013)
Clés trouvées (Keys found) : 85
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel: Scanned in 00mn 54s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "7672DADFAC1183D4C94C8477C03ECCB7" . (.Notification Center.) -- C:\Windows\Installer\{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}\BlueStacksIcon
~ Update Products: 94 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/11/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/03/2013 136912 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 05/12/2012 393080 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SR - | Auto 05/12/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SS - | Demand 31/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Auto 21/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | Auto 29/03/2013 109352 | (HitmanProScheduler) . (.SurfRight B.V..) - C:\Program Files\HitmanPro\hmpsched.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 26/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 04/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by nadege at 08/04/2013 16:35:59

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (673 lines in 11mn 19s)(0)
0
Réponse 17 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
8 avril 2013 à 16:52
La version de ZHPDiag n'est plus à jour ( normal depuis 5 jours).
Relance ZHPDiag, clique sur la fléche verte pour installer la mise à jour et poste le rapport via pjjoint
Très important utilise pjjoint poster le rapport

Smart
0
Réponse 18 / 31
nadege1976
8 avril 2013 à 17:22
Ok Ok pour la mise à jour


nouveau rapport

Rapport de ZHPDiag v2013.4.7.45 par Nicolas Coolman, Update du 07/04/2013
Run by nadege at 08/04/2013 17:12:07
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16519
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 4M2MG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3658 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 393 GB (87%) free of 448 GB

---\\ Logged in mode
~ Computer Name: NADÈGE
~ User Name: nadege
~ All Users Names: nadege, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\nadege\AppData\Roaming\
~ %Desktop% : C:\Users\nadege\Desktop\
~ %Favorites% : C:\Users\nadege\Favorites\
~ %LocalAppData% : C:\Users\nadege\AppData\Local\
~ %StartMenu% : C:\Users\nadege\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 393 Go of 448 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2769AF459DDA7140B73227C31DCE61BD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/02/2013 - 23:39:47.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/675
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 2/180
~ Mon Bureau (My Desktop) : 7/198
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.3884]
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.2884]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.2420]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.2628]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4192]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.4176]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\Windows\syswow64\wwahost.exe [333824] [PID.5028]
[MD5.B4773405A0C1632A3584D77C65D0B63E] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [389016] [PID.1056]
[MD5.605664E657464F558F51C84A0F93029F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6558208] [PID.4140]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\prefs.js
M3 - MFPP: Plugins - [nadege] -- C:\Users\nadege\AppData\Roaming\Mozilla\Firefox\Profiles\wfchkby5.default\searchplugins\utorrentbarfr-customized-web-search.xml
M3 - MFPP: Plugins - [nadege] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo.xml
~ Firefox Browser: 13 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (6, 7, 0, 4) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll =>PUP.Dealio
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.) =>PUP.Dealio
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll =>PUP.Dealio
~ BHO: 5 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Agenda.url . (...) -- C:\Documents And Settings\nadege\Desktop\Agenda.url
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Gmail.URL . (...) -- C:\Documents And Settings\nadege\Desktop\Gmail.URL
O4 - GS\Desktop: HP Officejet 5600 series - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\nadege\Desktop\Météo 12 jours.URL . (...) -- C:\Documents And Settings\nadege\Desktop\Météo 12 jours.URL
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBF4675-2E0B-4BAE-BB19-9FD41889B630}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9D611D2-4A6F-4168-BF28-9583C27D99C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BBBF4675-2E0B-4BAE-BB19-9FD41889B630}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F9D611D2-4A6F-4168-BF28-9583C27D99C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 13 Legitimates Scanned in 01mn 48s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 2 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [314]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{87D2E17E-20EE-44E3-96F7-FA1B1F4B0F7B}] (...) -- C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe (.not file.) [0] =>Toolbar.Tarma
~ Scheduled Task: 12 Legitimates Scanned in 00mn 08s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 9 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 40 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: avast! Internet Security v8.0.1483.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 83 Legitimates Scanned in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Supreme Savings]
[HKCU\Software\BitTorrent]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\DomaIQ]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 181 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/01/2013 - 17:53:27 - [5,086] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 05/04/2013 - 12:47:29 - [1,294] ----D C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 12/12/2012 - 10:53:19 - [0,924] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 31/01/2013 - 13:03:36 - [15,522] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 18/01/2013 - 17:25:48 - [304,757] --H-D C:\ProgramData\{43B55ACB-A031-4DC3-AA95-8492F35E13ED}
O43 - CFD: 31/10/2012 - 19:58:21 - [0,262] ----D C:\Users\nadege\AppData\Roaming\lm
O43 - CFD: 07/04/2013 - 09:54:34 - [2,657] ----D C:\Users\nadege\AppData\Roaming\uTorrent
~ Program Folder: 158 Legitimates Scanned in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5C32CBFDFD2EF7F0A0A08DFE03CD0EFA] - 05/04/2013 - 14:47:40 ---A- . (...) -- C:\AdwCleaner[S1].txt [2761]
O44 - LFC:[MD5.1582578921B738B981596C0AFF2A109B] - 05/04/2013 - 08:55:34 ---A- . (...) -- C:\UsbFix [Clean 2] NADÈGE.txt [8028]
O44 - LFC:[MD5.38E0F1C28DC1280D82A0A50EB68E0F31] - 05/04/2013 - 08:48:08 ----- . (...) -- C:\UsbFix [Scan 1] NADÈGE.txt [6667]
~ Files: 123 Legitimates Scanned in 00mn 11s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.EDD24B2C88D1A9070596C423D641CD63] - 01/04/2013 - 16:30:17 ---A- - C:\Windows\Prefetch\NETPLWIZ.EXE-AFF278BB.pf
O45 - LFCP:[MD5.784386D4277B0000B8F9F5B2CBB715B1] - 01/04/2013 - 16:31:42 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.D1F083C7BA5AD288FF1AD21E7A1C647F] - 02/04/2013 - 15:03:12 ---A- - C:\Windows\Prefetch\TCT-NEIGE.EXE-6B9FD2B2.pf
O45 - LFCP:[MD5.F6A10257763C2C030A4278D4CD091717] - 03/04/2013 - 12:48:49 ---A- - C:\Windows\Prefetch\OPTPROREMINDER.EXE-EBA8C8D1.pf
O45 - LFCP:[MD5.1036ABC652EEE04CB6F09E7FDF6C4227] - 05/04/2013 - 05:55:53 ---A- - C:\Windows\Prefetch\RESIZE.EXE-5E7A1952.pf
O45 - LFCP:[MD5.3150301929F443DB3495CF28F7AFD4DF] - 05/04/2013 - 05:58:44 ---A- - C:\Windows\Prefetch\ONENOTE.EXE-7A7C97BB.pf
O45 - LFCP:[MD5.D5FF4D47FE7A52550600A0040922D332] - 05/04/2013 - 05:59:44 ---A- - C:\Windows\Prefetch\MSHTA.EXE-ED0DFDDF.pf
O45 - LFCP:[MD5.138F720FCA9954F1812AEC708265B669] - 05/04/2013 - 08:59:34 ---A- - C:\Windows\Prefetch\GO.EXE-34414F70.pf
O45 - LFCP:[MD5.9BA09BE41F779698646A412FE4BD1FA7] - 05/04/2013 - 10:44:30 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.4511DFBD0A33618CCA318CFE2AA01BA7] - 05/04/2013 - 12:21:39 ---A- - C:\Windows\Prefetch\IDCARD.EXE-3E87601F.pf
O45 - LFCP:[MD5.BDAFD2DFCC4EEBB6BDBF8BB3E38A1D12] - 05/04/2013 - 15:13:25 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53C840C8.pf
O45 - LFCP:[MD5.D7AB4885CD96ED753531713307A081DF] - 05/04/2013 - 19:43:02 ---A- - C:\Windows\Prefetch\TWITTER-WIN8.EXE-E9757E8E.pf
O45 - LFCP:[MD5.F5C293ECF1A907BD72FA248FC187F269] - 06/04/2013 - 06:57:05 ---A- - C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-353D57C0.pf
O45 - LFCP:[MD5.C5679B1E8C49AA0D87B094E08D5EE5E0] - 06/04/2013 - 06:58:35 ---A- - C:\Windows\Prefetch\EBP.INVOICING.APPLICATION.EXE-8384E454.pf
O45 - LFCP:[MD5.0845B0B3D1C1C2C3EBF6B191C9C96659] - 06/04/2013 - 20:23:30 ---A- - C:\Windows\Prefetch\LIVECOMM.EXE-C9701AA1.pf
O45 - LFCP:[MD5.6F72A9D6BCC11CA15940A1466D570A78] - 07/04/2013 - 07:36:32 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-2E583999.pf
O45 - LFCP:[MD5.7A2E581C5E694059F67E09E16259BF34] - 07/04/2013 - 11:55:32 ---A- - C:\Windows\Prefetch\RFBTNSVC64.EXE-4CA3F3BE.pf
O45 - LFCP:[MD5.30A541D2166384AA4B07D30CB9781625] - 07/04/2013 - 20:32:58 ---A- - C:\Windows\Prefetch\EPOWERBUTTON.EXE-80D380BE.pf
O45 - LFCP:[MD5.078C34DC74A6F865B9783C36D56A749A] - 08/04/2013 - 14:30:34 ---A- - C:\Windows\Prefetch\RICONMAN.EXE-D63AD6B8.pf
O45 - LFCP:[MD5.D268CD6805610DE1163C5BDB48280F30] - 08/04/2013 - 14:33:12 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf
O45 - LFCP:[MD5.A396C208C511D945B72F4EBA07BD0CDB] - 08/04/2013 - 14:35:54 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.9CDF99978BAE79B3FA97BD75ED0E4596] - 08/04/2013 - 15:15:01 ---A- - C:\Windows\Prefetch\DKRUN32.EXE-8583E6AC.pf
O45 - LFCP:[MD5.090D8A3FCDA08B4B703F760B9A365AEF] - 08/04/2013 - 15:22:36 ---A- - C:\Windows\Prefetch\MMDX64FX.EXE-4C9473D7.pf
O45 - LFCP:[MD5.0AFBAD3FD466381E2B113B5686A2CFE4] - 08/04/2013 - 15:22:38 ---A- - C:\Windows\Prefetch\HD-LOGROTATOR.EXE-AAB4E25E.pf
O45 - LFCP:[MD5.96CC29B608CAC71C8E0BFAB036331F89] - 08/04/2013 - 15:26:05 ---A- - C:\Windows\Prefetch\EPOWERSVC.EXE-76E124E6.pf
O45 - LFCP:[MD5.F46E4811BF8F6C6FAAB100BCC2A73B91] - 08/04/2013 - 16:07:57 ---A- - C:\Windows\Prefetch\LIVECOMM.EXE-F1928578.pf
~ Prefetcher: 228 Legitimates Scanned in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 19 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ MWPE Keys: 7 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 05:28:19 ---A- C:\Users\nadege\AppData\Roaming\Thunderbird\Crash Reports\InstallTime20130328110546 [10]
O61 - LFC: 05/04/2013 - 05:28:26 ---A- C:\Users\nadege\AppData\Local\Thunderbird\Mozilla Thunderbird\active-update.xml [57]
O61 - LFC: 05/04/2013 - 05:28:27 ---A- C:\Users\nadege\AppData\Local\Thunderbird\Mozilla Thunderbird\updates.xml [4577]
O61 - LFC: 05/04/2013 - 05:47:17 -SHA- C:\Users\nadege\Documents\aviva 17.01.13\Thumbs.db [47104]
O61 - LFC: 05/04/2013 - 05:48:12 -SHA- C:\Users\nadege\Documents\SITE INTERNET\GOOGLE DOCS\etude de marche aout 2012\Thumbs.db [89600]
O61 - LFC: 05/04/2013 - 05:58:43 ---A- C:\Users\nadege\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat [196488]
O61 - LFC: 05/04/2013 - 08:20:35 ---A- C:\Users\nadege\Downloads\spybot_search_destroy_2_27_03_2013_fr_10965.exe [55454464]
O61 - LFC: 05/04/2013 - 08:42:21 ---A- C:\Users\nadege\Downloads\UsbFix.exe [1024813]
O61 - LFC: 05/04/2013 - 14:46:44 ---A- C:\Users\nadege\Downloads\adwcleaner.exe [613083]
O61 - LFC: 05/04/2013 - 15:14:20 ---A- C:\Users\nadege\Downloads\mbam-setup-1.70.0.1100.exe [10156344]
O61 - LFC: 06/04/2013 - 06:58:46 ---A- C:\Users\nadege\AppData\Local\EBP\Invoicing5.0FR03\Info.xml [231]
O61 - LFC: 07/04/2013 - 07:36:27 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dlimagecache\1D67A7A87EE6B20D306B59AC55A6F73A9A1D3540 [37532]
O61 - LFC: 07/04/2013 - 08:06:22 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\settings.dat.old [103300]
O61 - LFC: 07/04/2013 - 08:36:22 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\settings.dat [103309]
O61 - LFC: 07/04/2013 - 08:47:54 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 07/04/2013 - 08:52:33 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\resume.dat.old [138920]
O61 - LFC: 07/04/2013 - 08:52:59 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\dht_feed.dat [2]
O61 - LFC: 07/04/2013 - 08:54:34 ---A- C:\Users\nadege\AppData\Roaming\uTorrent\resume.dat [137984]
~ 9 Fichiers temporaires (Temporary files)
~ Files: 1228 Legitimates Scanned in 00mn 31s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {CBDC6EAF-A75F-42B2-AF86-7BCFD5227B58} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 34 Legitimates Scanned in 00mn 01s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{10CD693B-E6B9-4432-A5A1-D83B48189770}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{F960B88E-3FBC-4039-B7EC-A1ED7A59AAB2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "TCP Query User{FF114904-12AA-4B28-8A17-E17245E6C8A1}C:\windows\kmsemulator.exe" | In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "UDP Query User{BD56F3FE-59FC-46FD-B837-992806E07759}C:\windows\kmsemulator.exe" | In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
~ Firewall: 223 Legitimates Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.11492 - (07/04/2013)
Clés trouvées (Keys found) : 85
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel: Scanned in 01mn 17s



---\\ Product Upgrade Codes (O90)
~ Update Products: 94 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/11/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/03/2013 136912 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 05/12/2012 393080 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SR - | Auto 05/12/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SS - | Demand 31/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Auto 21/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | Auto 29/03/2013 109352 | (HitmanProScheduler) . (.SurfRight B.V..) - C:\Program Files\HitmanPro\hmpsched.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 26/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 04/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Auto 20/09/2012 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by nadege at 08/04/2013 17:22:23

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2449 Legitimates filtered by white list
End of the scan (607 lines in 10mn 16s)(0)
0
Réponse 19 / 31
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
8 avril 2013 à 18:02
J'avais bien dit, je l'ai même mis en gras d'utiliser pjjoint pour héberger le rapport et me donner le lien pour y accéder

Smart
0
Réponse 20 / 31
nadege1976
9 avril 2013 à 07:34
Bonjour,

Mille excuse

Le lien du rapport

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20130409_i9j15u10l910
0

Discussions similaires

Erreur 403: You don't have permission to access on this server ?
yamelle -
WolfTenBA -

19 réponses
Iptv smarters pro
Jeje1385 -
MICH-Bunny -

2 réponses
Câbles PCIe non détectés
adn.bsr -
epango -

17 réponses
download failed bc. you may not have purchased this app.
jonas-kobb -
Begue2000 -

7 réponses
https:www.google.fr
retardeur -
retardeur -

2 réponses