Ads and messages
Closed
pascal135
- 7 Nov. 2013 at 14:00
Anonymous user - 7 Nov. 2013 at 20:42
3 replies
Anonymous user
7 Nov. 2013 at 14:06
Hello,
* Download and save ZHPDiag to your desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
* Follow the prompts during installation; it will launch automatically at the end.
/!\ Vista, Seven and W8 users:
* Right-click the ZHPDiag logo, "Run as administrator"
=> The icon looks like a parchment scroll.
* Click Configure, then the magnifying glass with a +.
* Let the tool work, even if it seems to be stuck!
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to Cjoint, then copy/paste the link it gives you into your next reply on the forum:
https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
ZHPDiag tutorial:
http://nicolascoolman.webs.com/tutorials.htm
pascal135
7 Nov. 2013 at 20:39
~ Rapport de ZHPDiag v2013.11.7.13 - Nicolas Coolman (07/11/2013)
~ Lancé par maissane (07/11/2013 18:09:06)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)
GCIE: Google Chrome v23.0.1271.97
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : B7D9D
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Norton AntiVirus v21.1.0.18
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v3.16 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (15% free)
System Restore: Activé (Enable)
System drive C: has 77 GB (70%) free of 109 GB
---\\ Mode de connexion au système
~ Computer Name: MAISSANE
~ User Name: maissane
~ All Users Names: maissane, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\maissane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\maissane\AppData\Roaming\
~ %Desktop% : C:\Users\maissane\Desktop\
~ %Favorites% : C:\Users\maissane\Favorites\
~ %LocalAppData% : C:\Users\maissane\AppData\Local\
~ %StartMenu% : C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 77 Go of 109 Go)
D: Hard drive, Flash drive, Thumb drive (Free 73 Go of 109 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 00:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 04s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/488
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/71
~ Mes Documents (My Documents) : 1/110
~ Mon Bureau (My Desktop) : 2/867
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 08s
---\\ Processus lancés
[MD5.3E3A97C7C7E79DF8F08F22F0666D9E03] - (.Symantec Corporation - Norton Identity Safe.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424] [PID.316]
[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2312]
[MD5.E66E725E10B9CB8A6F5C74D7CA9E98A9] - (...) -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2864096] [PID.1852] =>PUP.BitGuard
[MD5.981E3DCB80E50011EB2D528BEC9AD782] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2247168] [PID.2372]
[MD5.2798942CAA300C48F3265F1B30DC9F73] - (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe [2082664] [PID.3612] =>PUP.Eorezo
[MD5.472DC56D3F40B50B7B977822A206E7B9] - (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe [1600816] [PID.4000]
[MD5.F72C5D0F567BE8D63DE4BCE0C8E2C0CB] - (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe [1060136] [PID.3712]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.1152] =>Toolbar.Conduit
[MD5.0BA966FD5349BDF9895F40C045A7C7EC] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2524]
[MD5.13B671D7253F29DA148569288CECF74B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.684]
[MD5.052F402E557C9EC01B188AD56E336029] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3028]
[MD5.11DFC7FF30B9B44F1477989C8FFF478F] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.4036] =>PUP.SweetIM
[MD5.2B3DB9C9D7E206CFCF3E327709BEF3AD] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [252952] [PID.2784]
[MD5.6017CA94BE482BCB527D92C6D481B2CC] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [287216] [PID.1176] =>PUP.FrameFox
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2332]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2188]
[MD5.A4159CBC4FC1EC188948DC5E65DF5150] - (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608] [PID.1644]
[MD5.AC0D70BB32F4FBE173A9B9899BCFFB3E] - (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe [816352] [PID.3056]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.576]
[MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1242728] [PID.5164]
[MD5.E85D5AABE354C66EED43FC4495AB543A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8186368] [PID.3016]
[MD5.7720251986778B402978761589434491] - (.Symantec Corporation - Symantec Error Reporting.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\symerr.exe [54096] [PID.0]
[MD5.4F1FFD438750EBEF6B93F326E29759B6] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe [1420592] [PID.1188]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1824]
[MD5.34AE0DFA3EE3B5B9975042D87332D0B7] - (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520] [PID.1908] =>Adware.Bandoo
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.12]
[MD5.917A6788B6054CBA5BCD5C8C8BADEF74] - (.Nero AG - Nero Registry InCD Service.) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe [53560] [PID.620]
[MD5.B5D5DA8230D3D3525839D939A9196C3E] - (.Pas de propriétaire - OberonGameConsoleService.) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312] [PID.1296]
[MD5.F85AE59A52885F4B09AADAFB23001A3B] - (...) -- C:\windows\SYSTEM32\Rezip.exe [311296] [PID.2032]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2164]
[MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2248]
[MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\updateWebConnect.exe [65320] [PID.2292] =>PUP.WebConnect
[MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\bin\utilWebConnect.exe [65320] [PID.2444] =>PUP.WebConnect
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.2640]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2744]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3452]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.2188]
[MD5.081DBA7C93F21B61DF1C5CE9E8AD0522] - (.DoctorSoft - APLanMgrC.) -- C:\Program Files\AnyPC Client\APLanMgrC.exe [79360] [PID.2928]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.5704]
~ Processes Running: Scanned in 01mn 23s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\prefs.js
C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\user.js
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\BitGuard.xml =>PUP.BitGuard
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\dalesearch.xml =>Hijacker.Dalesearch
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\fileconverter-15-b2-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\recherche-alot.xml =>Adware.Comet
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\safesearch.xml
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\Web Search.xml =>Parasite.Pugi
M0 - MFSP: prefs.js [maissane - z6pc1gi0.default] https://fr.ask.com/
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\appbar@alot.com] [] ALOT Appbar v1.1.6000 (..)
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\pricepeep@getpricepeep.com] [] PricePeep v2.2.0.3 (..) =>Adware.PricePeep
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{51fc8eac-778f-4dc4-9d69-c6993c8062dd}] [] QuickShare Widget v2.2.0.3 (..) =>PUP.QuickShare
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{b376e27c-a5dd-4635-891d-7aec90390d08}] [] FileConverter 1.5 B2 v10.20.0.513 (..)
P2 - FPN: [HKLM] [@camfrogweb.com/Camfrog Web Plugin,version=2,0] - (.Camshare Inc. - Camfrog Web FF Plugin ver:2,0,12,93.) -- C:\Program Files\CFWebAdvancedU2\npcamfrogweb.dll
P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (...) -- C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll (.not file.) =>Adware.Boxore
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
~ Firefox Browser: 43 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.do
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?q= =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.safefinder.com/?q= =>Hijacker.SmartBar
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.offerbox.com;<local> =>PUP.OfferBox
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56847 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
O1 - Hosts: 0.0.0.0 boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 dlmanager.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.dlmanager.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 dlmanager.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.dlmanager.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 dlmanager.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.dlmanager.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 www.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 dist.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 file.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 log.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 ads.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 prof.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 soft.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 upd.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 dfr.eorezo.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 lollipop-network.com =>Adware.Lollipop
O1 - Hosts: 0.0.0.0 www.lollipop-network.com =>Adware.Lollipop
O1 - Hosts: 0.0.0.0 download.lollipop-network.com =>Adware.Lollipop
O1 - Hosts: 0.0.0.0 offers.lollipop-network.com =>Adware.Lollipop
~ Hosts File: Scanned in 00mn 46s
~ Nombre de lignes (Lines number): 50
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0033426 - {11111111-1111-1111-1111-110311341126} . (.Plus HD - Plus-HD-2.3 BHO.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll =>Adware.PlusHD
O2 - BHO: WiseConvert 1.5 - {19803860-b306-423c-bbb5-f60a7d82cde5} Clé orpheline =>Toolbar.Conduit
O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect
O2 - BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>PUP.QuickShare
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll =>Adware.Bandoo
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Clé orpheline =>Adware.PricePeep
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
~ BHO: 34 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (...) -- (.not file.) =>Toolbar.Ask
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: QuickShare Widget - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>PUP.QuickShare
O3 - Toolbar: Norton Identity Safe Toolbar - [HKLM]{A13C2648-91D4-4bf3-BC6D-0079707C4389} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{19803860-B306-423C-BBB5-F60A7D82CDE5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Norton AntiVirus.lnk . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\uistub.exe
O4 - GS\QuickLaunch [maissane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [maissane]: Pages Annuaire.lnk - Clé orpheline
O4 - GS\TaskBar [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [maissane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [maissane]: Accueil Fax-Internet.lnk . (...) -- C:\Program Files\Axmapresse\Fax-Internet\statfax.exe
O4 - GS\Desktop [maissane]: Driver Genius.lnk . (.Driver-Soft Inc. - Driver Genius.) -- C:\Program Files\Driver-Soft\DriverGenius\DriverGenius.exe
O4 - GS\Desktop [maissane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [maissane]: Microsoft Word 2010.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.exe
O4 - GS\Desktop [maissane]: Radio Fr Solo.lnk . (...) -- C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe
O4 - GS\Desktop [maissane]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe =>Toolbar.DeltaSearch
~ Global Startup: 69 Legitimates Filtered in 00mn 27s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Lancement Application Fax.lnk . (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe
O4 - GS\Startup [maissane]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [NBHGui] . (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [YSearchProtection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
O4 - HKLM\..\Run: [Bouygues Connection Manager] . (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe
O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>PUP.FrameFox
O4 - HKLM\..\RunOnce: [upt4pc_fr_38.exe] . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe =>PUP.Eorezo
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [DatingNotifier] Clé orpheline
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [DatingNotifier] Clé orpheline
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} ((no name)) - http://www.liberticam.com/download/CFWebU.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} ((no name)) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe
O23 - Service: Update WebConnect (Update WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
O23 - Service: Util WebConnect (Util WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\bin\utilWebConnect.exe =>PUP.WebConnect
~ Services: 16 Legitimates Filtered in 23mn 15s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [368] =>PUP.Software.Updater
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [876]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [880]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job [1884] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job [1188] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-enabler.job [1088] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-updater.job [1284] =>Adware.PlusHD
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
[MD5.D7A7FF0EC451F7980CC3AE394AC48EB7] [APT] [Plus-HD-2.3-chromeinstaller] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [466280] =>Adware.PlusHD
[MD5.C7E5BE547E41553461B925B7FB26F561] [APT] [Plus-HD-2.3-codedownloader] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [491880] =>Adware.PlusHD
[MD5.F393EEE835F3F7111A3B6E91571ACD26] [APT] [Plus-HD-2.3-enabler] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [348008] =>Adware.PlusHD
[MD5.C32038A5543158EBDC99E73E6A070A43] [APT] [Plus-HD-2.3-updater] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [367976] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{911E56E8-2D4F-4F4B-A7F9-A9F661173E71}] (...) -- E:\INSTMSI.exe (.not file.) [0]
~ Scheduled Task: 44 Legitimates Filtered in 01mn 35s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM] -- DefaultTab =>Adware.Bandoo
O42 - Logiciel: Plus-HD-2.3 - (.Plus HD.) [HKLM] -- Plus-HD-2.3 =>Adware.PlusHD
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM] -- {AF860F85-54A3-4A28-879B-BF9E6E325776} =>PUP.QuickShare
O42 - Logiciel: SafeFax 3.0.999 - (.Alliance MCA.) [HKLM] -- SafeFax_is1
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM
O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =>PUP.WebConnect
O42 - Logiciel: tuto4pc_fr_38 - (.TUTO4PC.) [HKLM] -- tuto4pc_fr_38_is1 =>PUP.Eorezo
~ Logic: 118 Legitimates Filtered in 00mn 04s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e55dcd9b76eb940]
[HKCU\Software\APN PIP]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Duuqu]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Rencontres Hard]
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Wajam] =>Toolbar.Wajam
[HKCU\Software\WebConnect] =>PUP.WebConnect
[HKCU\Software\delta LTD]
[HKLM\Software\5e55dcd9b76eb940]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Default Tab] =>Adware.Bandoo
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Duuqu]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\PCPowerSpeed] =>PUP.PCPowerSpeed
[HKLM\Software\PIP]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wajam] =>Toolbar.Wajam
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
[HKLM\Software\lollipop] =>Adware.Lollipop
~ Key Software: 233 Legitimates Filtered in 00mn 04s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/10/2013 - 08:49:33 - [0,851] ----D C:\Program Files\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 14/10/2013 - 12:21:31 - [3,377] ----D C:\Program Files\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 16/05/2013 - 14:19:48 - [2,156] ----D C:\Program Files\Duuqu
O43 - CFD: 02/08/2013 - 14:36:07 - [0,390] ----D C:\Program Files\FrameFox =>PUP.FrameFox
O43 - CFD: 15/12/2012 - 13:11:54 - [0,298] ----D C:\Program Files\lang
O43 - CFD: 14/10/2013 - 15:19:29 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 14/10/2013 - 12:23:40 - [5,513] ----D C:\Program Files\Plus-HD-2.3 =>Adware.PlusHD
O43 - CFD: 05/10/2013 - 18:55:04 - [8,545] ----D C:\Program Files\SweetIM =>PUP.SweetIM
O43 - CFD: 26/07/2013 - 08:40:10 - [2,430] ----D C:\Program Files\tuto4pc_fr_38 =>PUP.Eorezo
O43 - CFD: 30/10/2013 - 13:51:16 - [2,369] ----D C:\Program Files\WebConnect =>PUP.WebConnect
O43 - CFD: 05/11/2013 - 17:00:56 - [8,154] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 14/10/2013 - 12:21:27 - [0,403] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 22/12/2012 - 12:28:59 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/09/2013 - 16:20:52 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 18/10/2013 - 09:02:43 - [0,002] ----D C:\ProgramData\NCOTEMP
O43 - CFD: 05/09/2011 - 19:16:13 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 22/12/2012 - 12:13:43 - [2,513] ----D C:\Users\maissane\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 27/09/2013 - 14:31:01 - [0,876] ----D C:\Users\maissane\AppData\Local\BeamriseUninstall =>Hijacker.Beamrise
O43 - CFD: 14/10/2013 - 12:21:27 - [0] ----D C:\Users\maissane\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 16/05/2013 - 14:19:43 - [0] ----D C:\Users\maissane\AppData\Local\Duuqu
O43 - CFD: 17/10/2012 - 15:16:10 - [0] ----D C:\Users\maissane\AppData\Local\messengerdusexe
O43 - CFD: 28/04/2013 - 16:45:58 - [0] ----D C:\Users\maissane\AppData\Local\pur-flirt
O43 - CFD: 28/09/2013 - 09:57:28 - [0] ----D C:\Users\maissane\AppData\Local\Supreme Savings =>PUP.RewardsArcade
O43 - CFD: 22/12/2012 - 12:13:31 - [0,285] ----D C:\Users\maissane\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 07/11/2013 - 19:31:34 - [1,988] ----D C:\Users\maissane\AppData\Local\tuto4pc_fr_38 =>PUP.Eorezo
O43 - CFD: 27/10/2013 - 19:29:04 - [0,751] ----D C:\Users\maissane\AppData\Local\YappyzUninstall =>PUP.Yappyz
O43 - CFD: 30/10/2013 - 14:29:43 - [0,001] ----D C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
~ 441 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 673 Legitimates Filtered in 01mn 27s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.462F7DBFBBB599527C986A3F876179FA] - 06/11/2013 - 13:09:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [3250]
O44 - LFC:[MD5.FE4D955BE910575D5654E80A7EB76FE1] - 07/11/2013 - 17:26:54 ---A- . (...) -- C:\SrvError.Log [262123]
O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24464]
O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24464]
O44 - LFC:[MD5.3D5A6F114214DE1771C1C29590850F77] - 27/10/2013 - 19:46:56 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [300]
O44 - LFC:[MD5.E3F4F3BA037CB5511D4C3F921EDBB68C] - 30/10/2013 - 13:25:09 ---A- . (...) -- C:\Windows\wininit.ini [65]
~ Files: 15 Legitimates Filtered in 01mn 11s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.502DC5C3CB27A4D46A53B4EFFA1E6401] - 06/11/2013 - 13:17:29 ---A- - C:\Windows\Prefetch\FRAMEFOX.EXE-AE0924FD.pf =>PUP.FrameFox
O45 - LFCP:[MD5.46720CC3674A5A69D386876DF5A630F7] - 07/11/2013 - 14:51:18 ---A- - C:\Windows\Prefetch\OBERONGAMECONSOLESERVICE.EXE-443D4C7B.pf
O45 - LFCP:[MD5.0DA599D171E5EC9DAEFF46359FD99DBB] - 07/11/2013 - 17:26:12 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-EB7754F5.pf
O45 - LFCP:[MD5.E8B43B3647DE0F56AB0C7DA8C77CFD89] - 07/11/2013 - 17:26:21 ---A- - C:\Windows\Prefetch\NST.EXE-D9753F47.pf
O45 - LFCP:[MD5.F549F6CF9ECC8497FFED9958C01336C4] - 07/11/2013 - 17:26:25 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-D66C64B1.pf =>PUP.BitGuard
O45 - LFCP:[MD5.140489FDBDB9BB1FCAC5E040CBDC58C7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\INCD.EXE-E5B36EE8.pf
O45 - LFCP:[MD5.8591161AC27BEFB92BBDDBF450998AC7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\NBHGUI.EXE-AC9A4EAB.pf
O45 - LFCP:[MD5.9D5356CF1C67CEDC47D5E88AFED7917D] - 07/11/2013 - 17:26:43 ---A- - C:\Windows\Prefetch\SEARCHPROTECTION.EXE-5F59DE6E.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.89F12DAA58ECB4089B9C2BD8BA44009E] - 07/11/2013 - 17:26:55 ---A- - C:\Windows\Prefetch\FAXTRAY.EXE-46607940.pf
O45 - LFCP:[MD5.8F8EDA3C688FC29E2C59A6C3685B88AC] - 07/11/2013 - 19:31:29 ---A- - C:\Windows\Prefetch\UPT4PC_FR_38.EXE-308AD67E.pf
~ Prefetcher: 118 Legitimates Filtered in 00mn 04s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0f8be8b8-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
O51 - MPSK:{0f8be8f5-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg [14733] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [462968] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe [50296] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe [53880] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll [436856] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll [520824] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:57 ---A- . (.Search Results, LLC.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\update.exe [813664] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:44:43 ---A- . (.MindAd.) -- C:\Users\maissane\Downloads\setup (17).exe [614520]
O61 - LFC: 05/11/2013 - 19:44:55 RSHA- . (...) -- C:\Users\maissane\ntuser.pol [290]
O61 - LFC: 06/11/2013 - 19:44:34 ---A- . (...) -- C:\Users\maissane\Downloads\FlvPlayerSetup (7).exe [796848]
O61 - LFC: 07/11/2013 - 19:42:47 ---A- . (...) -- C:\Users\maissane\AppData\Local\avgchrome\avgp [110729]
O61 - LFC: 07/11/2013 - 19:43:01 ---A- . (...) -- C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Local State [50880]
O61 - LFC: 07/11/2013 - 19:43:34 ---A- . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.cyp [544] =>PUP.Eorezo
O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\Log.txt [25693] =>.Nicolas Coolman
O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\TestsZHPDiag.txt [2896] =>.Nicolas Coolman
~ 16 Fichiers temporaires (Temporary files)
~ Files: 191 Legitimates Filtered in 02mn 11s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Beamrise.FXR3NKGWYDKTHPYULIFC7D4RVI> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Yappyz.FXR3NKGWYDKTHPYULIFC7D4RVI> <Yappyz>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Yappyz\Application\yappyz.exe (.not file.) =>PUP.Yappyz
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [maissane - z6pc1gi0.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: SearchScopes [HKCU] 2F08D3A986A84CCE9E880F91EF7A63B9 - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - https://search.safefinder.com/?q= =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Doko Search) - http://www.do =>Hijacker.Doko
O69 - SBI: SearchScopes [HKCU] {3BA0170A-3F54-4764-84D0-604C7CAAECCE} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://nortonsafe.search.ask.com
O69 - SBI: SearchScopes [HKCU] {BD85CCEB-F468-4A5E-A42F-60E16F1AF6E0} - (Yahoo!Search) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.FFB1E0D8C849B301B163B12563086BA1] [SPRF][11/02/2012] (...) -- C:\Users\maissane\AppData\Roaming\wklnhst.dat [530]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/10/2013] (...) -- C:\Users\maissane\Desktop\AdwCleaner_1.606_En.exe [581957]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][27/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\maissane\Desktop\FLVMPlayer.exe [4953944]
~ Files: 5 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 110 Legitimates Filtered in 00mn 00s
---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5e55dcd9b76eb940\2.6.1694.246\upd]:="upd="
[HKCU\Software\5e55dcd9b76eb940\2.7.1769.27\upd]:="upd="
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132"
[HKCU\Software\5e55dcd9b76eb940] =>Toolbar.Babylon^
[HKCU\Software\5e55dcd9b76eb940]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd
~ Lancé par maissane (07/11/2013 18:09:06)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)
GCIE: Google Chrome v23.0.1271.97
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : B7D9D
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Norton AntiVirus v21.1.0.18
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v3.16 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (15% free)
System Restore: Activé (Enable)
System drive C: has 77 GB (70%) free of 109 GB
---\\ Mode de connexion au système
~ Computer Name: MAISSANE
~ User Name: maissane
~ All Users Names: maissane, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\maissane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\maissane\AppData\Roaming\
~ %Desktop% : C:\Users\maissane\Desktop\
~ %Favorites% : C:\Users\maissane\Favorites\
~ %LocalAppData% : C:\Users\maissane\AppData\Local\
~ %StartMenu% : C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 77 Go of 109 Go)
D: Hard drive, Flash drive, Thumb drive (Free 73 Go of 109 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 00:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 04s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/488
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/71
~ Mes Documents (My Documents) : 1/110
~ Mon Bureau (My Desktop) : 2/867
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 08s
---\\ Processus lancés
[MD5.3E3A97C7C7E79DF8F08F22F0666D9E03] - (.Symantec Corporation - Norton Identity Safe.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424] [PID.316]
[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2312]
[MD5.E66E725E10B9CB8A6F5C74D7CA9E98A9] - (...) -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2864096] [PID.1852] =>PUP.BitGuard
[MD5.981E3DCB80E50011EB2D528BEC9AD782] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2247168] [PID.2372]
[MD5.2798942CAA300C48F3265F1B30DC9F73] - (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe [2082664] [PID.3612] =>PUP.Eorezo
[MD5.472DC56D3F40B50B7B977822A206E7B9] - (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe [1600816] [PID.4000]
[MD5.F72C5D0F567BE8D63DE4BCE0C8E2C0CB] - (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe [1060136] [PID.3712]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.1152] =>Toolbar.Conduit
[MD5.0BA966FD5349BDF9895F40C045A7C7EC] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2524]
[MD5.13B671D7253F29DA148569288CECF74B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.684]
[MD5.052F402E557C9EC01B188AD56E336029] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3028]
[MD5.11DFC7FF30B9B44F1477989C8FFF478F] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.4036] =>PUP.SweetIM
[MD5.2B3DB9C9D7E206CFCF3E327709BEF3AD] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [252952] [PID.2784]
[MD5.6017CA94BE482BCB527D92C6D481B2CC] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [287216] [PID.1176] =>PUP.FrameFox
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2332]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2188]
[MD5.A4159CBC4FC1EC188948DC5E65DF5150] - (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608] [PID.1644]
[MD5.AC0D70BB32F4FBE173A9B9899BCFFB3E] - (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe [816352] [PID.3056]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.576]
[MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1242728] [PID.5164]
[MD5.E85D5AABE354C66EED43FC4495AB543A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8186368] [PID.3016]
[MD5.7720251986778B402978761589434491] - (.Symantec Corporation - Symantec Error Reporting.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\symerr.exe [54096] [PID.0]
[MD5.4F1FFD438750EBEF6B93F326E29759B6] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe [1420592] [PID.1188]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1824]
[MD5.34AE0DFA3EE3B5B9975042D87332D0B7] - (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520] [PID.1908] =>Adware.Bandoo
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.12]
[MD5.917A6788B6054CBA5BCD5C8C8BADEF74] - (.Nero AG - Nero Registry InCD Service.) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe [53560] [PID.620]
[MD5.B5D5DA8230D3D3525839D939A9196C3E] - (.Pas de propriétaire - OberonGameConsoleService.) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312] [PID.1296]
[MD5.F85AE59A52885F4B09AADAFB23001A3B] - (...) -- C:\windows\SYSTEM32\Rezip.exe [311296] [PID.2032]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2164]
[MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2248]
[MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\updateWebConnect.exe [65320] [PID.2292] =>PUP.WebConnect
[MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\bin\utilWebConnect.exe [65320] [PID.2444] =>PUP.WebConnect
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.2640]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2744]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3452]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.2188]
[MD5.081DBA7C93F21B61DF1C5CE9E8AD0522] - (.DoctorSoft - APLanMgrC.) -- C:\Program Files\AnyPC Client\APLanMgrC.exe [79360] [PID.2928]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.5704]
~ Processes Running: Scanned in 01mn 23s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\prefs.js
C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\user.js
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\BitGuard.xml =>PUP.BitGuard
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\dalesearch.xml =>Hijacker.Dalesearch
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\fileconverter-15-b2-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\recherche-alot.xml =>Adware.Comet
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\safesearch.xml
M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\Web Search.xml =>Parasite.Pugi
M0 - MFSP: prefs.js [maissane - z6pc1gi0.default] https://fr.ask.com/
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\appbar@alot.com] [] ALOT Appbar v1.1.6000 (..)
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\pricepeep@getpricepeep.com] [] PricePeep v2.2.0.3 (..) =>Adware.PricePeep
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{51fc8eac-778f-4dc4-9d69-c6993c8062dd}] [] QuickShare Widget v2.2.0.3 (..) =>PUP.QuickShare
M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{b376e27c-a5dd-4635-891d-7aec90390d08}] [] FileConverter 1.5 B2 v10.20.0.513 (..)
P2 - FPN: [HKLM] [@camfrogweb.com/Camfrog Web Plugin,version=2,0] - (.Camshare Inc. - Camfrog Web FF Plugin ver:2,0,12,93.) -- C:\Program Files\CFWebAdvancedU2\npcamfrogweb.dll
P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (...) -- C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll (.not file.) =>Adware.Boxore
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
~ Firefox Browser: 43 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.do
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?q= =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.safefinder.com/?q= =>Hijacker.SmartBar
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.offerbox.com;<local> =>PUP.OfferBox
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56847 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Hosts File: Scanned in 00mn 46s
~ Nombre de lignes (Lines number): 50
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0033426 - {11111111-1111-1111-1111-110311341126} . (.Plus HD - Plus-HD-2.3 BHO.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll =>Adware.PlusHD
O2 - BHO: WiseConvert 1.5 - {19803860-b306-423c-bbb5-f60a7d82cde5} Clé orpheline =>Toolbar.Conduit
O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect
O2 - BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>PUP.QuickShare
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll =>Adware.Bandoo
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Clé orpheline =>Adware.PricePeep
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
~ BHO: 34 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (...) -- (.not file.) =>Toolbar.Ask
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: QuickShare Widget - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>PUP.QuickShare
O3 - Toolbar: Norton Identity Safe Toolbar - [HKLM]{A13C2648-91D4-4bf3-BC6D-0079707C4389} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{19803860-B306-423C-BBB5-F60A7D82CDE5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Norton AntiVirus.lnk . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\uistub.exe
O4 - GS\QuickLaunch [maissane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [maissane]: Pages Annuaire.lnk - Clé orpheline
O4 - GS\TaskBar [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [maissane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [maissane]: Accueil Fax-Internet.lnk . (...) -- C:\Program Files\Axmapresse\Fax-Internet\statfax.exe
O4 - GS\Desktop [maissane]: Driver Genius.lnk . (.Driver-Soft Inc. - Driver Genius.) -- C:\Program Files\Driver-Soft\DriverGenius\DriverGenius.exe
O4 - GS\Desktop [maissane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [maissane]: Microsoft Word 2010.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.exe
O4 - GS\Desktop [maissane]: Radio Fr Solo.lnk . (...) -- C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe
O4 - GS\Desktop [maissane]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe =>Toolbar.DeltaSearch
~ Global Startup: 69 Legitimates Filtered in 00mn 27s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Lancement Application Fax.lnk . (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe
O4 - GS\Startup [maissane]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [NBHGui] . (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [YSearchProtection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
O4 - HKLM\..\Run: [Bouygues Connection Manager] . (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe
O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>PUP.FrameFox
O4 - HKLM\..\RunOnce: [upt4pc_fr_38.exe] . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe =>PUP.Eorezo
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [DatingNotifier] Clé orpheline
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [DatingNotifier] Clé orpheline
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} ((no name)) - http://www.liberticam.com/download/CFWebU.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} ((no name)) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe
O23 - Service: Update WebConnect (Update WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
O23 - Service: Util WebConnect (Util WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\bin\utilWebConnect.exe =>PUP.WebConnect
~ Services: 16 Legitimates Filtered in 23mn 15s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [368] =>PUP.Software.Updater
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [876]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [880]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job [1884] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job [1188] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-enabler.job [1088] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-updater.job [1284] =>Adware.PlusHD
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
[MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
[MD5.D7A7FF0EC451F7980CC3AE394AC48EB7] [APT] [Plus-HD-2.3-chromeinstaller] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [466280] =>Adware.PlusHD
[MD5.C7E5BE547E41553461B925B7FB26F561] [APT] [Plus-HD-2.3-codedownloader] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [491880] =>Adware.PlusHD
[MD5.F393EEE835F3F7111A3B6E91571ACD26] [APT] [Plus-HD-2.3-enabler] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [348008] =>Adware.PlusHD
[MD5.C32038A5543158EBDC99E73E6A070A43] [APT] [Plus-HD-2.3-updater] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [367976] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{911E56E8-2D4F-4F4B-A7F9-A9F661173E71}] (...) -- E:\INSTMSI.exe (.not file.) [0]
~ Scheduled Task: 44 Legitimates Filtered in 01mn 35s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM] -- DefaultTab =>Adware.Bandoo
O42 - Logiciel: Plus-HD-2.3 - (.Plus HD.) [HKLM] -- Plus-HD-2.3 =>Adware.PlusHD
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM] -- {AF860F85-54A3-4A28-879B-BF9E6E325776} =>PUP.QuickShare
O42 - Logiciel: SafeFax 3.0.999 - (.Alliance MCA.) [HKLM] -- SafeFax_is1
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM
O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =>PUP.WebConnect
O42 - Logiciel: tuto4pc_fr_38 - (.TUTO4PC.) [HKLM] -- tuto4pc_fr_38_is1 =>PUP.Eorezo
~ Logic: 118 Legitimates Filtered in 00mn 04s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e55dcd9b76eb940]
[HKCU\Software\APN PIP]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Duuqu]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Rencontres Hard]
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Wajam] =>Toolbar.Wajam
[HKCU\Software\WebConnect] =>PUP.WebConnect
[HKCU\Software\delta LTD]
[HKLM\Software\5e55dcd9b76eb940]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Default Tab] =>Adware.Bandoo
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Duuqu]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\PCPowerSpeed] =>PUP.PCPowerSpeed
[HKLM\Software\PIP]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wajam] =>Toolbar.Wajam
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
[HKLM\Software\lollipop] =>Adware.Lollipop
~ Key Software: 233 Legitimates Filtered in 00mn 04s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/10/2013 - 08:49:33 - [0,851] ----D C:\Program Files\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 14/10/2013 - 12:21:31 - [3,377] ----D C:\Program Files\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 16/05/2013 - 14:19:48 - [2,156] ----D C:\Program Files\Duuqu
O43 - CFD: 02/08/2013 - 14:36:07 - [0,390] ----D C:\Program Files\FrameFox =>PUP.FrameFox
O43 - CFD: 15/12/2012 - 13:11:54 - [0,298] ----D C:\Program Files\lang
O43 - CFD: 14/10/2013 - 15:19:29 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 14/10/2013 - 12:23:40 - [5,513] ----D C:\Program Files\Plus-HD-2.3 =>Adware.PlusHD
O43 - CFD: 05/10/2013 - 18:55:04 - [8,545] ----D C:\Program Files\SweetIM =>PUP.SweetIM
O43 - CFD: 26/07/2013 - 08:40:10 - [2,430] ----D C:\Program Files\tuto4pc_fr_38 =>PUP.Eorezo
O43 - CFD: 30/10/2013 - 13:51:16 - [2,369] ----D C:\Program Files\WebConnect =>PUP.WebConnect
O43 - CFD: 05/11/2013 - 17:00:56 - [8,154] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 14/10/2013 - 12:21:27 - [0,403] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 22/12/2012 - 12:28:59 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/09/2013 - 16:20:52 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 18/10/2013 - 09:02:43 - [0,002] ----D C:\ProgramData\NCOTEMP
O43 - CFD: 05/09/2011 - 19:16:13 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 22/12/2012 - 12:13:43 - [2,513] ----D C:\Users\maissane\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 27/09/2013 - 14:31:01 - [0,876] ----D C:\Users\maissane\AppData\Local\BeamriseUninstall =>Hijacker.Beamrise
O43 - CFD: 14/10/2013 - 12:21:27 - [0] ----D C:\Users\maissane\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 16/05/2013 - 14:19:43 - [0] ----D C:\Users\maissane\AppData\Local\Duuqu
O43 - CFD: 17/10/2012 - 15:16:10 - [0] ----D C:\Users\maissane\AppData\Local\messengerdusexe
O43 - CFD: 28/04/2013 - 16:45:58 - [0] ----D C:\Users\maissane\AppData\Local\pur-flirt
O43 - CFD: 28/09/2013 - 09:57:28 - [0] ----D C:\Users\maissane\AppData\Local\Supreme Savings =>PUP.RewardsArcade
O43 - CFD: 22/12/2012 - 12:13:31 - [0,285] ----D C:\Users\maissane\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 07/11/2013 - 19:31:34 - [1,988] ----D C:\Users\maissane\AppData\Local\tuto4pc_fr_38 =>PUP.Eorezo
O43 - CFD: 27/10/2013 - 19:29:04 - [0,751] ----D C:\Users\maissane\AppData\Local\YappyzUninstall =>PUP.Yappyz
O43 - CFD: 30/10/2013 - 14:29:43 - [0,001] ----D C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
~ 441 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 673 Legitimates Filtered in 01mn 27s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.462F7DBFBBB599527C986A3F876179FA] - 06/11/2013 - 13:09:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [3250]
O44 - LFC:[MD5.FE4D955BE910575D5654E80A7EB76FE1] - 07/11/2013 - 17:26:54 ---A- . (...) -- C:\SrvError.Log [262123]
O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24464]
O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24464]
O44 - LFC:[MD5.3D5A6F114214DE1771C1C29590850F77] - 27/10/2013 - 19:46:56 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [300]
O44 - LFC:[MD5.E3F4F3BA037CB5511D4C3F921EDBB68C] - 30/10/2013 - 13:25:09 ---A- . (...) -- C:\Windows\wininit.ini [65]
~ Files: 15 Legitimates Filtered in 01mn 11s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.502DC5C3CB27A4D46A53B4EFFA1E6401] - 06/11/2013 - 13:17:29 ---A- - C:\Windows\Prefetch\FRAMEFOX.EXE-AE0924FD.pf =>PUP.FrameFox
O45 - LFCP:[MD5.46720CC3674A5A69D386876DF5A630F7] - 07/11/2013 - 14:51:18 ---A- - C:\Windows\Prefetch\OBERONGAMECONSOLESERVICE.EXE-443D4C7B.pf
O45 - LFCP:[MD5.0DA599D171E5EC9DAEFF46359FD99DBB] - 07/11/2013 - 17:26:12 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-EB7754F5.pf
O45 - LFCP:[MD5.E8B43B3647DE0F56AB0C7DA8C77CFD89] - 07/11/2013 - 17:26:21 ---A- - C:\Windows\Prefetch\NST.EXE-D9753F47.pf
O45 - LFCP:[MD5.F549F6CF9ECC8497FFED9958C01336C4] - 07/11/2013 - 17:26:25 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-D66C64B1.pf =>PUP.BitGuard
O45 - LFCP:[MD5.140489FDBDB9BB1FCAC5E040CBDC58C7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\INCD.EXE-E5B36EE8.pf
O45 - LFCP:[MD5.8591161AC27BEFB92BBDDBF450998AC7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\NBHGUI.EXE-AC9A4EAB.pf
O45 - LFCP:[MD5.9D5356CF1C67CEDC47D5E88AFED7917D] - 07/11/2013 - 17:26:43 ---A- - C:\Windows\Prefetch\SEARCHPROTECTION.EXE-5F59DE6E.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.89F12DAA58ECB4089B9C2BD8BA44009E] - 07/11/2013 - 17:26:55 ---A- - C:\Windows\Prefetch\FAXTRAY.EXE-46607940.pf
O45 - LFCP:[MD5.8F8EDA3C688FC29E2C59A6C3685B88AC] - 07/11/2013 - 19:31:29 ---A- - C:\Windows\Prefetch\UPT4PC_FR_38.EXE-308AD67E.pf
~ Prefetcher: 118 Legitimates Filtered in 00mn 04s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0f8be8b8-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
O51 - MPSK:{0f8be8f5-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg [14733] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [462968] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe [50296] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe [53880] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll [436856] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll [520824] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:43:57 ---A- . (.Search Results, LLC.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\update.exe [813664] =>Adware.Bandoo
O61 - LFC: 05/11/2013 - 19:44:43 ---A- . (.MindAd.) -- C:\Users\maissane\Downloads\setup (17).exe [614520]
O61 - LFC: 05/11/2013 - 19:44:55 RSHA- . (...) -- C:\Users\maissane\ntuser.pol [290]
O61 - LFC: 06/11/2013 - 19:44:34 ---A- . (...) -- C:\Users\maissane\Downloads\FlvPlayerSetup (7).exe [796848]
O61 - LFC: 07/11/2013 - 19:42:47 ---A- . (...) -- C:\Users\maissane\AppData\Local\avgchrome\avgp [110729]
O61 - LFC: 07/11/2013 - 19:43:01 ---A- . (...) -- C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Local State [50880]
O61 - LFC: 07/11/2013 - 19:43:34 ---A- . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.cyp [544] =>PUP.Eorezo
O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\Log.txt [25693] =>.Nicolas Coolman
O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\TestsZHPDiag.txt [2896] =>.Nicolas Coolman
~ 16 Fichiers temporaires (Temporary files)
~ Files: 191 Legitimates Filtered in 02mn 11s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Beamrise.FXR3NKGWYDKTHPYULIFC7D4RVI> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Yappyz.FXR3NKGWYDKTHPYULIFC7D4RVI> <Yappyz>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Yappyz\Application\yappyz.exe (.not file.) =>PUP.Yappyz
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [maissane - z6pc1gi0.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: SearchScopes [HKCU] 2F08D3A986A84CCE9E880F91EF7A63B9 - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - https://search.safefinder.com/?q= =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Doko Search) - http://www.do =>Hijacker.Doko
O69 - SBI: SearchScopes [HKCU] {3BA0170A-3F54-4764-84D0-604C7CAAECCE} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://nortonsafe.search.ask.com
O69 - SBI: SearchScopes [HKCU] {BD85CCEB-F468-4A5E-A42F-60E16F1AF6E0} - (Yahoo!Search) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.FFB1E0D8C849B301B163B12563086BA1] [SPRF][11/02/2012] (...) -- C:\Users\maissane\AppData\Roaming\wklnhst.dat [530]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/10/2013] (...) -- C:\Users\maissane\Desktop\AdwCleaner_1.606_En.exe [581957]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][27/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\maissane\Desktop\FLVMPlayer.exe [4953944]
~ Files: 5 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 110 Legitimates Filtered in 00mn 00s
---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5e55dcd9b76eb940\2.6.1694.246\upd]:="upd="
[HKCU\Software\5e55dcd9b76eb940\2.7.1769.27\upd]:="upd="
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132"
[HKCU\Software\5e55dcd9b76eb940] =>Toolbar.Babylon^
[HKCU\Software\5e55dcd9b76eb940]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e55dcd
Anonymous user
7 Nov 2013 at 20:42
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to Cjoint, then copy/paste the link provided into your next reply on the forum:
https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers