Virus

ASBH95 Messages postés 63 Statut Membre -  
ArnaudLy6 Messages postés 4695 Statut Membre -
Bonjour,

J'ai un virue du nom Boxore Client que je n'arrive pas à élimine, pourriez-vous m'indiquer des procédures à éxécuter.
Par avance Merci

11 réponses

  1. ArnaudLy6 Messages postés 4695 Statut Membre 189
     
    Salut,

    Télécharge AdwCleaner : https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/#q=adwcleaner&cur=1&url=%2F
    Ensuite suis ces étapes :

    - Lance le logiciel
    - Clique sur "Scanner"
    - Une fois le scan terminé, clique sur "Nettoyer"
    - Le logiciel va redémarrer ton ordinateur
    - Une fois ta session ouverte, tu devrais avoir un rapport de nettoyage
    - Colle ce rapport dans ton prochain message
    0
    1. ASBH95 Messages postés 63 Statut Membre
       
      attention je suis très très mauvais en informatique
      0
  2. ASBH95 Messages postés 63 Statut Membre
     
    # AdwCleaner v3.018 - Rapport créé le 16/02/2014 à 18:19:56
    # Mis à jour le 28/01/2014 par Xplode
    # Système d'exploitation : Windows 8 (64 bits)
    # Nom d'utilisateur : Cyrille - MAISON
    # Exécuté depuis : C:\Users\Cyrille\Downloads\adwcleaner.exe
    # Option : Scanner

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v10.0.9200.16798

    -\\ Google Chrome v32.0.1700.107

    [ Fichier : C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [8228 octets] - [10/02/2014 22:58:56]
    AdwCleaner[R10].txt - [1961 octets] - [15/02/2014 23:35:43]
    AdwCleaner[R11].txt - [761 octets] - [16/02/2014 18:19:56]
    AdwCleaner[R1].txt - [1235 octets] - [10/02/2014 23:30:04]
    AdwCleaner[R2].txt - [2130 octets] - [13/02/2014 18:16:02]
    AdwCleaner[R3].txt - [1229 octets] - [13/02/2014 18:20:12]
    AdwCleaner[R4].txt - [1349 octets] - [13/02/2014 18:24:59]
    AdwCleaner[R5].txt - [1470 octets] - [13/02/2014 18:29:05]
    AdwCleaner[R6].txt - [1590 octets] - [13/02/2014 18:32:13]
    AdwCleaner[R7].txt - [1710 octets] - [13/02/2014 18:38:31]
    AdwCleaner[R8].txt - [2867 octets] - [13/02/2014 22:49:30]
    AdwCleaner[R9].txt - [1930 octets] - [13/02/2014 23:08:40]
    AdwCleaner[S0].txt - [7866 octets] - [10/02/2014 22:59:23]
    AdwCleaner[S1].txt - [1254 octets] - [10/02/2014 23:30:33]
    AdwCleaner[S2].txt - [1951 octets] - [13/02/2014 18:17:15]
    AdwCleaner[S3].txt - [1246 octets] - [13/02/2014 18:21:01]
    AdwCleaner[S4].txt - [1366 octets] - [13/02/2014 18:25:32]
    AdwCleaner[S5].txt - [1486 octets] - [13/02/2014 18:29:46]
    AdwCleaner[S6].txt - [1606 octets] - [13/02/2014 18:32:43]
    AdwCleaner[S7].txt - [2785 octets] - [13/02/2014 22:50:02]
    AdwCleaner[S8].txt - [1947 octets] - [13/02/2014 23:09:00]
    AdwCleaner[S9].txt - [2023 octets] - [15/02/2014 23:36:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [1961 octets] ##########
    voici le rapport comme demandé
    0
    1. ArnaudLy6 Messages postés 4695 Statut Membre 189
       
      Télécharge Malwarebytes Anti-Malware : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

      - Lance-le
      - Clique sur l'onglet "mise à jour"
      - Clique ensuite sur " Rechercher des mises à jour"
      - Va dans l'onglet "Paramètres"
      - Va dans le sous-onglet "Paramètres d'examen"
      - Choisis pour les lignes Action pour[...](PUP) et Action pour[...](PUM) Afficher dans les résultats, pré-coché pour supression
      - Retourne dans l'onglet "Recherche"
      - Sélectionne " Exécuter un examen complet"
      - Clique sur "Rechercher"
      - Attends la fin de l'analyse
      - Une fois l'analyse terminée, clique sur "afficher les résultats"
      - Coche tous les éléments détectés
      - Enfin, clique sur "supprimer la sélection"
      - L'ordinateur devrait ensuite redémarrer

      Une fois que ton ordinateur a redémarré, relance Malwarebytes Anti-Malware et cette fois-ci rends toi dans l'onglet "Rapports/Logs",
      ouvre le rapport le plus récent et copie tout ce qu'il contient dans ton prochain message.
      0
  3. ASBH95 Messages postés 63 Statut Membre
     
    voici le rapport, mais Boxore est toujours présent

    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    www.malwarebytes.org

    Version de la base de données: v2014.02.16.04

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16798
    Cyrille :: MAISON [administrateur]

    Protection: Désactivé

    16/02/2014 18:36:28
    mbam-log-2014-02-16 (18-36-28).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 404152
    Temps écoulé: 43 minute(s), 34 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:\Users\Cyrille\AppData\Local\Temp\ICReinstall_7z922.exe (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)
    0
  4. ArnaudLy6 Messages postés 4695 Statut Membre 189
     
    - Télécharge ZHPDiag : https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/#q=zhp+idag&cur=1&url=%2F
    - Lance-le (icone avec un parchemin)
    - Clique sur "Configurer"
    - Clique sur la loupe avec un +
    - Attends la fin de l'analyse
    - Une fois l'analyse terminée, un fichier bloc note devrait se créer sur ton bureau (il devrait s'appeler ZHPDiag)
    - Rends-toi sur ce site : https://www.cjoint.com/
    - Clique sur "Choisir un fichier" et choisis le bloc note ZHPDiag qui est sur ton bureau
    - Dans le type de diffusion choisis "Privée"
    - Dans le champ "Pour quelle durée" choisis 4 jours
    - Remplis ensuite la suite du formulaire
    - Enfin, donne-nous le lien du fichier que tu viens de mettre sur le site
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ASBH95 Messages postés 63 Statut Membre
     
    je n'arrives pas à avoir le lien du fichier mais j'ai copier l'ensemble de l'analyse

    ~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
    ~ Lancé par Cyrille (16/02/2014 19:52:38)
    ~ Adresse du Site Web https://nicolascoolman.webs.com/
    ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16798
    GCIE: Google Chrome v32.0.1700.107 (Defaut)

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    ~ ion : Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : HFPMG
    Windows License : OK
    ~ Windows Remaining Initializations Number : 998
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2013
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W8

    ---\\ Logiciels d'optimisation du système

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels

    ---\\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8084 MB (77% free)
    System Restore: Activé (Enable)
    System drive C: has 844 GB (93%) free of 906 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: MAISON
    ~ User Name: Cyrille
    ~ All Users Names: Cyrille, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
    ~ %Desktop% : C:\Users\Cyrille\Desktop\
    ~ %Favorites% : C:\Users\Cyrille\Favorites\
    ~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
    ~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
    E: CD-ROM drive (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
    [MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
    [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
    [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
    [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
    [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
    [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
    [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
    [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
    [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/8
    ~ Mes Documents (My Documents) : 1/188
    ~ Mon Bureau (My Desktop) : 1/7
    ~ Menu demarrer (Programs) : 1/22
    ~ Hidden Files: Scanned in 00mn 00s

    ---\\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
    [MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
    [MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
    [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
    [MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
    [MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
    [MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
    [MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
    [MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
    [MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
    [MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
    [MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
    ~ Processes Running: Scanned in 00mn 00s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    ~ Google Browser: 16 Legitimates Filtered in 00mn 01s

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    ~ IE Browser: 18 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 2037

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
    O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
    O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
    O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
    O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
    O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
    O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
    ~ Global Startup: 51 Legitimates Filtered in 00mn 00s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
    O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
    O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
    O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
    O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
    O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
    O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
    O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
    [MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
    ~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
    O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
    O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
    O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
    ~ Logic: 45 Legitimates Filtered in 00mn 00s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\PMU]
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
    ~ Key Software: 257 Legitimates Filtered in 00mn 00s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
    O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
    O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
    O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
    O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
    ~ Program Folder: 127 Legitimates Filtered in 00mn 28s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
    O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
    O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
    O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
    O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
    O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
    O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
    O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
    O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
    O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
    O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
    O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
    O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
    O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
    O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
    ~ Files: 288 Legitimates Filtered in 00mn 08s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
    O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
    O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
    O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
    O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
    O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
    O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
    O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
    O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
    O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
    O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
    O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
    O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
    O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
    O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
    O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
    O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
    O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
    O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
    O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
    O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
    O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
    O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
    O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
    O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
    O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
    O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
    O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
    O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
    O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
    O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
    O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
    O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
    O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
    O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
    O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
    O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
    O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
    O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
    O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
    O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
    O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
    ~ Prefetcher: 226 Legitimates Filtered in 00mn 02s

    ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
    O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
    O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
    O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
    ~ Drivers: 17 Legitimates Filtered in 00mn 03s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
    O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
    O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
    O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
    O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
    ~ 93 Fichiers temporaires (Temporary files)
    ~ Files: 1288 Legitimates Filtered in 00mn 17s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ Associations Shell Spawning (O67)
    O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
    O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    ~ Firewall: 242 Legitimates Filtered in 00mn 00s

    ---\\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
    ~ Update Products: 102 Legitimates Filtered in 00mn 00s

    ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
    SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
    SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
    SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
    SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
    SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

    ~ Services: Scanned in 00mn 08s

    ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Cyrille at 16/02/2014 19:54:48
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Cyrille at 16/02/2014 19:54:50

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    ---\\ Scan Additionnel (O88)
    Database Version : 13031 - (14/02/2014)
    Clés trouvées (Keys found) : 9
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 5

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
    C:\Program Files (x86)\SupTab =>PUP.SupTab^
    C:\ProgramData\WPM =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
    ~ Additionnel Scan: 255989 Items scanned in 00mn 11s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
    ~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
    ~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
    ~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
    ~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ MSI: 14 link(s) detected in 00mn 11s

    ~ 2707 Legitimates filtered by white list
    End of the scan (600 lines in 02mn 23s)(0)
    0
  7. ASBH95 Messages postés 63 Statut Membre
     
    ~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
    ~ Lancé par Cyrille (16/02/2014 19:52:38)
    ~ Adresse du Site Web https://nicolascoolman.webs.com/
    ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16798
    GCIE: Google Chrome v32.0.1700.107 (Defaut)

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    ~ ion : Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : HFPMG
    Windows License : OK
    ~ Windows Remaining Initializations Number : 998
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2013
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W8

    ---\\ Logiciels d'optimisation du système

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels

    ---\\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8084 MB (77% free)
    System Restore: Activé (Enable)
    System drive C: has 844 GB (93%) free of 906 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: MAISON
    ~ User Name: Cyrille
    ~ All Users Names: Cyrille, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
    ~ %Desktop% : C:\Users\Cyrille\Desktop\
    ~ %Favorites% : C:\Users\Cyrille\Favorites\
    ~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
    ~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
    E: CD-ROM drive (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
    [MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
    [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
    [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
    [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
    [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
    [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
    [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
    [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
    [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
    ~ Generic Processes: Scanned in 00mn 00s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/8
    ~ Mes Documents (My Documents) : 1/188
    ~ Mon Bureau (My Desktop) : 1/7
    ~ Menu demarrer (Programs) : 1/22
    ~ Hidden Files: Scanned in 00mn 00s

    ---\\ Processus lancés
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
    [MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
    [MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
    [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
    [MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
    [MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
    [MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
    [MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
    [MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
    [MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
    [MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
    [MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
    ~ Processes Running: Scanned in 00mn 00s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    ~ Google Browser: 16 Legitimates Filtered in 00mn 01s

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    ~ IE Browser: 18 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 2037

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
    O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
    O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
    O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
    O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
    O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
    O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
    ~ Global Startup: 51 Legitimates Filtered in 00mn 00s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
    O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
    O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
    O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
    O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
    O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
    O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
    O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
    [MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
    ~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
    O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
    O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
    O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
    ~ Logic: 45 Legitimates Filtered in 00mn 00s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\PMU]
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
    ~ Key Software: 257 Legitimates Filtered in 00mn 00s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
    O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
    O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
    O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
    O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
    ~ Program Folder: 127 Legitimates Filtered in 00mn 28s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
    O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
    O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
    O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
    O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
    O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
    O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
    O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
    O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
    O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
    O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
    O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
    O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
    O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
    O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
    ~ Files: 288 Legitimates Filtered in 00mn 08s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
    O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
    O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
    O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
    O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
    O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
    O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
    O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
    O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
    O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
    O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
    O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
    O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
    O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
    O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
    O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
    O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
    O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
    O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
    O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
    O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
    O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
    O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
    O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
    O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
    O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
    O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
    O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
    O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
    O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
    O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
    O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
    O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
    O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
    O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
    O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
    O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
    O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
    O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
    O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
    O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
    O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
    ~ Prefetcher: 226 Legitimates Filtered in 00mn 02s

    ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
    O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
    O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
    O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
    ~ Drivers: 17 Legitimates Filtered in 00mn 03s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
    O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
    O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
    O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
    O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
    O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
    O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
    O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
    O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
    O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
    ~ 93 Fichiers temporaires (Temporary files)
    ~ Files: 1288 Legitimates Filtered in 00mn 17s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ Associations Shell Spawning (O67)
    O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
    O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
    ~ Keys: Scanned in 00mn 00s

    ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    ~ Firewall: 242 Legitimates Filtered in 00mn 00s

    ---\\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
    ~ Update Products: 102 Legitimates Filtered in 00mn 00s

    ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
    SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
    SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
    SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
    SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
    SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

    ~ Services: Scanned in 00mn 08s

    ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Cyrille at 16/02/2014 19:54:48
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Cyrille at 16/02/2014 19:54:50

    ********* Dump file Name *********
    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    ---\\ Scan Additionnel (O88)
    Database Version : 13031 - (14/02/2014)
    Clés trouvées (Keys found) : 9
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 5

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
    C:\Program Files (x86)\SupTab =>PUP.SupTab^
    C:\ProgramData\WPM =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
    ~ Additionnel Scan: 255989 Items scanned in 00mn 11s

    ---\\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
    ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
    ~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
    ~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
    ~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
    ~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
    ~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
    ~ MSI: 14 link(s) detected in 00mn 11s

    ~ 2707 Legitimates filtered by white list
    End of the scan (600 lines in 02mn 23s)(0)
    0
  8. ArnaudLy6 Messages postés 4695 Statut Membre 189
     
    Voici les étapes à suivre :

    - Vide complètement ta corbeille
    - En suite lance cette fois-ci ZhpFix (clique droit et "Exécuter en tant qu'Administrateur"
    - Clique sur "Importer'
    - Et colle ça :

    Script ZHPFix
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
    O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
    O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
    O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
    O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
    [MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
    O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
    O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
    O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
    O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
    O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
    O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
    O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
    O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
    C:\Program Files (x86)\SupTab =>PUP.SupTab^
    C:\ProgramData\WPM =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
    [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
    [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
    [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
    C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
    EmptyTemp
    SysRestore


    - Clique sur Go en bas à gauche
    - Confirme le nettoyage
    - Et accepte le "vidage de corbeille"
    - Colle le rapport de nettoyage obtenu

    ATTENTION : ce script ne doit pas être utilisé par un autre ordinateur
    0
  9. ASBH95 Messages postés 63 Statut Membre
     
    voici le nouveau rapport

    Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
    Fichier d'export Registre :
    Run by Cyrille at 16/02/2014 22:16:40
    High Elevated Privileges : OK
    Windows 8 Home Premium Edition, 64-bit (Build 9200)

    Corbeille vidée (00mn 30s)

    ========== Logiciels ==========
    SUPPRIMÉ: Boxore Client

    ========== Clés du Registre ==========
    SUPPRIMÉ: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}]
    SUPPRIMÉ: HKLM\Software\Wow6432Node\Wpm
    SUPPRIMÉ: HKLM\Software\Wow6432Node\supTab
    SUPPRIMÉ: HKLM\Software\Wow6432Node\supWPM
    SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
    SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
    SUPPRIMÉ:* HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
    SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC

    ========== Valeurs du Registre ==========
    SUPPRIMÉ RunValue: fst_fr_78
    SUPPRIMÉ RunValue: BrowserSafeguard

    ========== Eléments de donnée du Registre ==========
    SUPPRIMÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
    SUPPRIMÉ: R1 Search Page =

    ========== Dossiers ==========
    SUPPRIMÉ: C:\Program Files (x86)\SupTab
    SUPPRIMÉ: C:\ProgramData\WPM
    SUPPRIMÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
    SUPPRIMÉS Temporaires Windows (83)

    ========== Fichiers ==========
    SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
    CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.google.com)
    CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
    CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    SUPPRIMÉ: c:\windows\prefetch\lollipop.exe-acd94d17.pf
    SUPPRIMÉ: c:\windows\prefetch\upfst_fr_78.exe-8e04742e.pf
    SUPPRIMÉ: c:\windows\prefetch\uninstall.browsersafeguard.ex-2c228af7.pf
    SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log
    SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log
    SUPPRIMÉS Temporaires Windows (520) (259 097 997 octets)

    ========== Tache planifiée ==========
    SUPPRIMÉ: {725D67D8-CCFA-4DB9-86C9-DEB07C659333}

    ========== Restauration Système ==========
    Point de restauration du système créé avec succès

    ========== Récapitulatif ==========
    13 : Clés du Registre
    2 : Valeurs du Registre
    2 : Eléments de donnée du Registre
    4 : Dossiers
    12 : Fichiers
    1 : Logiciels
    1 : Tache planifiée
    1 : Restauration Système

    End of clean in 33mn 21s

    ========== Chemin de fichier rapport ==========
    C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/02/2014 13:24:36 [625]
    C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/02/2014 13:25:09 [826]
    C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt - 16/02/2014 13:25:24 [907]
    C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R4].txt - 16/02/2014 22:17:11 [4037]
    0
    1. ArnaudLy6 Messages postés 4695 Statut Membre 189
       
      Comment va ton pc ?
      0
  10. ASBH95 Messages postés 63 Statut Membre
     
    très bien, je ne te remercierai jamais assez, tu m' as rendu un très grand service.
    0
    1. ArnaudLy6 Messages postés 4695 Statut Membre 189
       
      Je t'en prie !
      Je te propose de finaliser le nettoyage demain avec la supression des logiciels utilisés ;)
      0
  11. ASBH95 Messages postés 63 Statut Membre
     
    ok et bonne soirée à toi
    0
    1. ArnaudLy6 Messages postés 4695 Statut Membre 189
       
      Merci, bonne soirée à toi aussi ;)
      0