Search conduit

De rien. :)

merci jag !!

je rajoute que je suis à la Réunion , donc 3heure de plus qu'en France !
donc a minuit chez vous il est 3h00 du matin chez moi !

Bonjour buckhulk

Merci pour m'avoir répondu je l'apprécie beaucoup. Vu qu'on a un méchant décalage horaire je vas publié mes résultats ici comme tu me le demande. Merci beaucoup et je te donne 100% pour ton beau travaille que tu fais . :D Alors, je m'en vais les mettre ici et ca sera à toi de me dire si tout est beau.

Oui Buckhulk heureusement j'en ai un et ca fait très longtemps que je suis avec vous autres et je suis toujours très satisfaite . C'est pour ça que je reste avec vous .. Merci

VOici le rapport de ZHPDIAG ~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (2014-02-17)
~ Lancé par Nicole (2014-02-22 20:28:38)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : CH4CG
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security v12.1.353

---\\ Logiciels d'optimisation du système
CCleaner v2.33 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3030 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 167 GB (71%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-NICOLE
~ User Name: Nicole
~ All Users Names: Nicole, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Nicole\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Nicole\AppData\Roaming\
~ %Desktop% : C:\Users\Nicole\Contacts\Desktop\
~ %Favorites% : C:\Users\Nicole\Favorites\
~ %LocalAppData% : C:\Users\Nicole\AppData\Local\
~ %StartMenu% : C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 167 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-19 - 02:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.679EAED8E703235BA81AA2E58F4E2D16] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-02-05 - 03:50:39.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-21 - 08:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-04-11 - 01:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-19 - 00:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-19 - 00:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-19 - 00:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-03 - 14:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-19 - 00:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2006-11-02 - 04:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-08-21 - 06:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/12
~ Mon Bureau (My Desktop) : 1/1525
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2216]
[MD5.AB6588D52CEB11410DAE9D497FD7D4AE] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268312] [PID.1648]
[MD5.52A489AA08C0DD918A4923FDF96005CF] - (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe [1565696] [PID.1300]
[MD5.12A6C0B31587A579D67FDA710EAA05A3] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128560] [PID.4004]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2764]
[MD5.AD2321023D940C7A90405EC7BBD2497C] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [257864] [PID.3892]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4648]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2452]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.2428]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.4608]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1120]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1252]
[MD5.C98ACDE22458C8F46FD0503CB9E2D01F] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe [223112] [PID.644]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1980]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.468]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.596]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2000]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2060]
[MD5.02999F3116F6D1699784A73384C94D00] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880] [PID.2072]
[MD5.F8B823414A22DBF3BEC10DCAA5F93CD8] - (.Alcatel-Lucent - mcci+McciCMService.) -- C:\Program Files\Common Files\Motive\McciCMService.exe [319488] [PID.2088]
[MD5.D7174549A3B550501C96B49DDF9EDF88] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\Windows\system32\mfevtps.exe [172416] [PID.2112]
[MD5.25E40292DD289F644660F440F38239BE] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files\Online Games Manager\ogmservice.exe [559552] [PID.2132]
[MD5.AB2B1DE1C8F31EFCE2384B14B3DC4260] - (.Sonic Solutions - RoxSniffer9 Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744] [PID.2236]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2696]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.2704]
[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.2740]
[MD5.F83F25652D6B91F15630541429A216B4] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976] [PID.2932]
[MD5.9721E7EDB7F47CD9F8D02C9369052630] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [169320] [PID.3004]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.3112]
[MD5.C966B6448B935E7E025E00561BC47743] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728] [PID.3156]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3564]
[MD5.EBCDE8B48FADC6479D96A56D0A432160] - (.Sonic Solutions - RoxMediaDB9 Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640] [PID.3856]
[MD5.BA0057269377E102240E479CDAA357C8] - (.McAfee, Inc. - McAfee Access Protection.) -- C:\Program Files\McAfee\MSC\McAPexe.exe [140456] [PID.3612]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0cgyecu7.default-1376967733277\prefs.js
P2 - FPN: [HKLM] [@ei.MyScrapNook_12.com/Plugin] - (.My Scrap Nook - My Scrap Nook Installer Plugin Stub for 32-bit Windows.) -- C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 04s
~ Nombre de lignes (Lines number): 15322



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{9CD2401A-3A23-4D04-876E-8712D1709053} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{09A07B02-F491-4B6B-BFC9-684A624F4F3B} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{3BBD3C14-4C16-4989-8366-95BC9179779D} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Nicole]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Nicole]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Nicole]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Nicole]: Lecteur Drag-to-Disc (D).lnk . (...) -- D:\
O4 - GS\SendTo [Nicole]: Web_Publishing_Wizard.lnk . (.Microsoft Corporation - Web Publishing Wizard executable.) -- C:\Program Files\Web Publish\WPWIZ.exe
~ Global Startup: 45 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Nicole]: PricePeepUpdater.lnk . (...) -- C:\Program Files\PricePeep\PricePeepUpdater.exe (.not file.) =>Adware.PricePeep
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] . (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [PDVDDXSrv] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [APISupport] C:\Users\Nicole\AppData\Local\Conduit\APISupport\APISupport.dll (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [APISupport] C:\Users\Nicole\AppData\Local\Conduit\APISupport\APISupport.dll (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} ((no name)) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS3\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dock Login Service (DockLoginService) . (...) - C:\Program Files\Dell\DellDock\DockLogin.exe (.not file.)
O23 - Service: TeamViewer 9 (TeamViewer9) . (.TeamViewer GmbH - TeamViewer 9.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: 20 Legitimates Filtered in 00mn 17s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Nicole\Downloads\Nouveau dossier\299456_131055643661341_1001752128_n.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Nicole\Downloads\Nouveau dossier\299456_131055643661341_1001752128_n.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At1.job [414]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\Users\Nicole\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [IHUninstallTrackingTASK] (...) -- C:\Users\Nicole\AppData\Local\Temp\IHUFA83.tmp.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1241CA0D-B1FE-4F98-A35F-9F398E05D083}] (...) -- D:\AutoRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{12A05279-336B-4E22-9B74-365585F31B38}] (...) -- C:\Users\Nicole\Desktop\RACCOURCI\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{301CA1BA-5A88-4848-BC80-F507DE75CE5E}] (...) -- C:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B423339-85EA-4338-A6A1-9573D9547C7F}] (...) -- C:\Users\Nicole\Pictures\CHATSCHATONS\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4271ED5C-2249-487B-8435-8F71AE250B77}] (...) -- C:\Users\Nicole\Desktop\RACCOURCI\Snow_for_Windows\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{449EA2DD-0A6B-4787-8002-D99A01591694}] (...) -- C:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{61BB12C8-2223-4ECE-A61A-63ECA2C48378}] (...) -- D:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6D6BDEF1-E2A4-4F07-B866-46440EADA062}] (...) -- C:\Users\Nicole\Desktop\wmp11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7F0048A4-1166-4B6E-BF71-FBFBC26472AB}] (...) -- C:\Users\Nicole\Pictures\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B5DE82AB-B31E-41D8-8290-72422AC2AC7D}] (...) -- c:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR(2).exe (.not file.) [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Web Publishing Wizard 1.52 - {44BBA851-CC51-11CF-AAFA-00AA00B6015C} . (...) -- C:\Windows\INF\wpie4x86.inf
~ Active Setup: 14 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Bell Internet Check-up - (...) [HKLM] -- BellCanada
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Blingee]
[HKCU\Software\IncrediMail]
[HKCU\Software\LFG]
[HKCU\Software\Mixi.DJ]
[HKCU\Software\Rick Jansen]
[HKCU\Software\Roar]
[HKLM\Software\Game_Master_2.1]
[HKLM\Software\IncrediMail]
[HKLM\Software\MyFunCardsbarEI]
[HKLM\Software\MyScrapNook_12EI]
[HKLM\Software\VBMZ] =>PUP.Duuqu
~ Key Software: 276 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-01-09 - 20:45:52 - [9,484] ----D C:\Program Files\BellCanada
O43 - CFD: 2010-06-24 - 17:04:30 - [0,067] ----D C:\Program Files\iWonEI
O43 - CFD: 2011-01-30 - 15:04:44 - [0] ----D C:\Program Files\MyFunCardsbarEI
O43 - CFD: 2013-08-14 - 21:49:52 - [0,789] ----D C:\Program Files\MyScrapNook_12EI
O43 - CFD: 2012-11-22 - 12:58:08 - [0,641] ----D C:\Program Files\Snow for Windows
O43 - CFD: 2010-08-02 - 18:58:32 - [0] ----D C:\Program Files\The_Lynx_Internet_Radio_Network
O43 - CFD: 2013-09-17 - 13:13:30 - [0,004] ----D C:\ProgramData\1E2AA
O43 - CFD: 2013-09-04 - 22:30:40 - [0,004] ----D C:\ProgramData\2811B
O43 - CFD: 2013-09-22 - 22:22:47 - [0,004] ----D C:\ProgramData\2FCB
O43 - CFD: 2011-05-03 - 22:42:24 - [0] ----D C:\ProgramData\IM
O43 - CFD: 2011-05-03 - 22:41:25 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 2010-07-22 - 23:11:54 - [0] ----D C:\ProgramData\iWin Games =>Adware.FunWebProducts)
O43 - CFD: 2013-09-14 - 23:40:45 - [0] ----D C:\Users\Nicole\AppData\Roaming\Scale
O43 - CFD: 2013-01-10 - 14:58:18 - [0] ----D C:\Users\Nicole\AppData\Roaming\WindowsMediaPlayerPackages
O43 - CFD: 2010-09-27 - 17:59:45 - [0] ----D C:\Users\Nicole\AppData\Local\BingoCabin
O43 - CFD: 2010-10-02 - 15:28:59 - [0] ----D C:\Users\Nicole\AppData\Local\BingoCafe
O43 - CFD: 2010-08-09 - 13:09:08 - [0] ----D C:\Users\Nicole\AppData\Local\ICS
O43 - CFD: 2011-05-03 - 22:59:12 - [13,025] ----D C:\Users\Nicole\AppData\Local\IM
~ Program Folder: 228 Legitimates Filtered in 00mn 15s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.14D9A057A082E00116A7A4415051D07C] - 2014-02-17 - 14:14:32 ---A- . (...) -- C:\Windows\System32\WFP.TMF [218228]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2014-02-18 - 14:11:35 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2014-02-18 - 14:11:35 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.262968A51DFC3128EF075C1E8C779E68] - 2014-02-21 - 16:04:02 ---A- . (...) -- C:\Windows\wmsetup.log [3556]
~ Files: 52 Legitimates Filtered in 00mn 18s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys
~ CSB: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Broadcom Wireless Manager UI [Key] . (...) -- C:\Windows\system32\WLTRAY.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WeatherEye [Key] . (...) -- C:\Users\Nicole\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe (.not file.)
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] - 2004-09-16 - 12:26:40 ---A- . (...) -- C:\Windows\System32\Drivers\ADFUUD.SYS [12634]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2006-11-02 - 04:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.2306232284AB686AAAA9E82B3A668677] - 2011-07-30 - 12:04:01 ---A- . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys [21064]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2006-11-02 - 04:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.A091EB0E9FFA4397948BB7FBA6386BC9] - 2008-11-12 - 08:58:00 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [54784]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2006-11-02 - 04:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.DF672613FBBCD58C38BB0BC2694BCFB0] - 2009-06-25 - 15:58:10 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [48128]
O58 - SDL:[MD5.9BFB54D3559F2FF7301271D29D383564] - 2009-06-25 - 15:10:48 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [44544]
O58 - SDL:[MD5.DCB87DA83CC1010CBC9FC4DC9E395BBC] - 2009-06-25 - 15:25:58 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 2006-11-02 - 04:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2006-11-02 - 04:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 2006-11-02 - 04:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.4B8A9C16B6D9258ED99C512AECB8C555] - 2010-04-19 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2006-11-02 - 02:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2006-11-02 - 02:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2006-11-02 - 02:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2006-11-02 - 02:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2006-11-02 - 02:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2006-11-02 - 02:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2006-11-02 - 02:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2006-11-02 - 02:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2006-11-02 - 02:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2006-11-02 - 02:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2006-11-02 - 02:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2006-11-02 - 02:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2006-11-02 - 02:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 42s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{F686CB09-F018-4A1B-840F-092D841F235C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{D9B69D00-D45C-4E12-8555-717631092672}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{01F9CDB7-9E79-43F6-90FF-CC6A0D9AF991}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Nicole\Downloads\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{E9AC26AA-A9B2-4A63-B31C-67438EB3ED85}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Nicole\Downloads\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{C77B6B7A-2364-4373-B8B0-DB672CB6768E}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Nicole\Downloads\SweetImSetup(2).exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{583687A7-3C18-4076-A754-7B7CEB52FF84}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Nicole\Downloads\SweetImSetup(2).exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{47CE9BB4-EC52-4FEE-AA3E-86A64D3D1A71}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Nicole\Desktop\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{E8B4AFB1-9DB5-47AA-9DDA-1B48377198FC}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Nicole\Desktop\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{9603FAA9-A282-4B51-9C8D-231ACC778065}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{B72ACAF4-9358-4DAB-8601-C8243F2ED3C3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Windows Searchqu Toolbar\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{D1AFE0F3-31C7-4CB6-BEC2-906A6677C1D6}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (.not file.)
O87 - FAEL: "{70201A5A-E641-4F3C-AE61-1E44EDE646BC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (.not file.)
O87 - FAEL: "{E64E1FBA-D13C-4AB9-BB53-A17FEA572621}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{16D17350-1D49-4AF9-8243-F1682237257F}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{0CE7F4B3-9122-4EF6-93CB-FF3E265D603D}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{C9E15A53-EE75-471C-B1B7-24E0BCD5C7F0}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{7FA0C2DB-918F-44E6-A96B-1BBAF58756EA}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{1DFB4D79-3E23-4459-B620-386AF428A098}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{CD298BCA-B104-43DD-ACF2-2E28D5CD25F9}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{00E1537B-501D-4180-B7C0-3047A7FF180B}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{BA4562E4-989B-4DAE-8051-F7F20045026C}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{11A900EC-7A15-414D-8DAA-6A589D10BC4F}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Nicole\AppData\Local\Temp\is1275519350\solutoinstaller.exe (.not file.)
O87 - FAEL: "{A268F7D6-B3B0-4070-9F3A-EDAC7145BF1C}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Nicole\AppData\Local\Temp\is1275519350\solutoinstaller.exe (.not file.)
O87 - FAEL: "{9289031B-787F-4CE8-A27C-B1B99CE3A360}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\SolutoRemoteDirect.exe (.not file.)
O87 - FAEL: "{3F478724-F3C2-4433-A536-64CBE67DC54E}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\Soluto.exe (.not file.)
O87 - FAEL: "{154F559D-6C00-48DA-A4B9-6D79745531AA}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\SolutoCleanup.exe (.not file.)
O87 - FAEL: "{3E5D2741-8E14-4230-B5C7-F8CE62941F39}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\SolutoConsole.exe (.not file.)
O87 - FAEL: "{789C2BDC-40F0-4B15-982F-885EF1DA84C0}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\SolutoUpdateService.exe (.not file.)
O87 - FAEL: "{EA7771FD-41AE-4744-863E-F6A608486615}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Soluto\SolutoService.exe (.not file.)
O87 - FAEL: "{6D977C35-4365-43C4-A328-B7C68E4B553F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{427FE1DB-F771-42FF-9F4B-17D582289E7F}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{6EBD2B80-82BC-4391-841D-014EADCFE5CC}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{D9C98C44-874E-4E74-AFBC-501E4270D611}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{337BDF58-3063-42F0-8480-75A89708F1A2}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
~ Firewall: 213 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BDD893121F47C98332846CC0F44F5E94] [WIS][2011-04-28] (.Bell - C++ Runtime.) -- C:\Windows\Installer\19c213.msi [497664]
[MD5.90D50E1D68A3BA4D0D550BC4BDCBAF18] [WIS][2010-04-16] (.Broadcom Corporation - Blank Project Template.) -- C:\Windows\Installer\6a2e7.msi [919040]
[MD5.DE7BF038AA1FE62BF3181991C961C126] [WIS][2012-10-18] (.Bell - C++ Runtime.) -- C:\Windows\Installer\b928d.msi [498176]
~ WIS: 73 Legitimates Filtered in 00mn 02s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014-02-20 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 1658-07-10 0 | (DockLoginService) . (...) - C:\Program Files\Dell\DellDock\DockLogin.exe
SS - | Demand 2010-04-16 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
SS - | Auto 2013-04-17 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-04-17 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-04-17 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2005-04-04 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 2013-08-23 287752 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 2014-02-17 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 2006-09-14 73728 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

SR - | Auto 2013-12-21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2013-03-05 184728 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 2014-01-22 104880 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
SR - | Auto 2010-01-27 319488 | (McciCMService) . (.Alcatel-Lucent.) - C:\Program Files\Common Files\Motive\McciCMService.exe
SR - | Auto 2013-03-05 184728 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-03-05 184728 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-03-05 184728 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-03-05 184728 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-02-28 638976 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 2013-04-03 169320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 2013-04-03 172416 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 2013-03-05 184728 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-08-08 559552 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SR - | Demand 2006-11-05 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SR - | Auto 2006-11-05 159744 | (RoxWatch9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
SR - | Auto 2014-02-17 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 2008-01-19 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2008-01-19 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2014-02-17)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 50

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E82CC23E-EEB4-44c5-8170-17CA5F3E8E77}] =>Toolbar.Blingee
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED42606D-2283-4285-A46A-B4113C9AE1C6}] =>Toolbar.Blingee
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =>Adware.VidSaver
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\iWonEI] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CD2940B-8A54-4EEF-A553-49CCCF0E3603}] =>Adware.MyWebSearch
[HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ
[HKLM\Software\iWinArcade] =>Adware.iWinArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\ProgramData\iWin Games =>Adware.FunWebProducts)^
C:\Program Files\iWonEI =>Adware.MyWebSearch
C:\Users\Nicole\AppData\LocalLow\iWonEI =>Adware.MyWebSearch
C:\Users\Nicole\AppData\Local\Temp\mconduitinstaller.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsbB317.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nscE734.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsd3082.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nse7FA2.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nseFC41.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nshA7A1.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsm179C.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsmAF11.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsmB75D.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsmE5D0.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsmEE73.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsn10D5.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nso788F.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsr1C9C.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsr2303.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsr2889.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsx1D05.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsxF5F2.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsz40F.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsz739F.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\nsz98C.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit
C:\Users\Nicole\AppData\Local\Temp\tbVisu.dll =>Toolbar.Conduit
~ Additionnel Scan: 246567 Items scanned in 00mn 36s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/35170315-hijacker-dsite =>Hijacker.DSite
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 11 link(s) detected in 00mn 36s



~ 2615 Legitimates filtered by white list
End of the scan (600 lines in 02mn 51s)(0)

Oui McAfee est loué par ma compagnie de téléphone de BELL CANADA .

alors pour héberger les rapport tu n'as qu'a suivre ce tuto de ccm :

ICI et très bien expliqué

uniquement pour les rapports qui sont long , pour les autres tu peux les mettre directement en faisant de copié/collé (tu sais faire ?) sinon tu peux aussi les héberger !

n'oublie pas que j'ai besoin de au moins 4 rapports !!

tu peux m'écrire sans problème (en mp) , tu habites ou ?

Salut buckhulk :D

T bein gentil :D J'habite au Canada, Québec et ou je vais pour te parler en mp. Merci

Pour le MP Buckhulk c'est ici.

Bonne journée.

merci jag !

Salut buckhulk :D

Bon jeudi à toi et je te fais ça dans la minute qui suit . Merci beaucoup :D


Nicole
Grande fan de CCM 110% ;)

Voilà enfin :D ~ Rapport de ZHPDiag v2014.2.23.20 - Nicolas Coolman (2014-02-23)
~ Lancé par Nicole (2014-02-27 15:32:00)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : CH4CG
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3030 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 193 GB (82%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-NICOLE
~ User Name: Nicole
~ All Users Names: Nicole, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Nicole\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Nicole\AppData\Roaming\
~ %Desktop% : C:\Users\Nicole\Contacts\Desktop\
~ %Favorites% : C:\Users\Nicole\Favorites\
~ %LocalAppData% : C:\Users\Nicole\AppData\Local\
~ %StartMenu% : C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 193 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-19 - 02:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.679EAED8E703235BA81AA2E58F4E2D16] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-02-05 - 03:50:39.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-21 - 08:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-04-11 - 01:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-19 - 00:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-19 - 00:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-19 - 00:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-03 - 14:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-19 - 00:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2006-11-02 - 04:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-08-21 - 06:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/13
~ Mon Bureau (My Desktop) : 1/1528
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.52A489AA08C0DD918A4923FDF96005CF] - (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe [1565696] [PID.248]
[MD5.12A6C0B31587A579D67FDA710EAA05A3] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128560] [PID.1840]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1700]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2076]
[MD5.AB6588D52CEB11410DAE9D497FD7D4AE] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268312] [PID.2516]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2556]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.352]
[MD5.1FDBBD2F2CF2D11E6247734797DEC3C9] - (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.exe [3207912] [PID.1892]
[MD5.F2C82BA7E80C6054D5D20F3FBD4CFD34] - (...) -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe [77664] [PID.5584]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4400]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.5040]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.5972]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5284]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1228]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376] [PID.1612]
[MD5.C98ACDE22458C8F46FD0503CB9E2D01F] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe [223112] [PID.1388]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.196]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2092]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2176]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2232]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2296]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2444]
[MD5.02999F3116F6D1699784A73384C94D00] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880] [PID.2488]
[MD5.F8B823414A22DBF3BEC10DCAA5F93CD8] - (.Alcatel-Lucent - mcci+McciCMService.) -- C:\Program Files\Common Files\Motive\McciCMService.exe [319488] [PID.2508]
[MD5.25E40292DD289F644660F440F38239BE] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files\Online Games Manager\ogmservice.exe [559552] [PID.2536]
[MD5.AB2B1DE1C8F31EFCE2384B14B3DC4260] - (.Sonic Solutions - RoxSniffer9 Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744] [PID.2632]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.2824]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.3992]
[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.2124]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2704]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3264]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.1372]
[MD5.EBCDE8B48FADC6479D96A56D0A432160] - (.Sonic Solutions - RoxMediaDB9 Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640] [PID.3072]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0cgyecu7.default-1376967733277\prefs.js
P2 - FPN: [HKLM] [@ei.MyScrapNook_12.com/Plugin] - (.My Scrap Nook - My Scrap Nook Installer Plugin Stub for 32-bit Windows.) -- C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.myheritage.fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 04s
~ Nombre de lignes (Lines number): 15322



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} Clé orpheline
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{9CD2401A-3A23-4D04-876E-8712D1709053} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{09A07B02-F491-4B6B-BFC9-684A624F4F3B} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{3BBD3C14-4C16-4989-8366-95BC9179779D} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Nicole]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Nicole]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Nicole]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Nicole]: Lecteur Drag-to-Disc (D).lnk . (...) -- D:\
O4 - GS\SendTo [Nicole]: Web_Publishing_Wizard.lnk . (.Microsoft Corporation - Web Publishing Wizard executable.) -- C:\Program Files\Web Publish\WPWIZ.exe
~ Global Startup: 45 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] . (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [PDVDDXSrv] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1493856394-2238221601-1284351832-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} ((no name)) - https://downloads.dell.com/systemprofiler/SysProExe.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS3\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{946D786D-5140-4DF3-92F0-2858AA07D349}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At1.job [414]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\Users\Nicole\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [IHUninstallTrackingTASK] (...) -- C:\Users\Nicole\AppData\Local\Temp\IHUFA83.tmp.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1241CA0D-B1FE-4F98-A35F-9F398E05D083}] (...) -- D:\AutoRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{12A05279-336B-4E22-9B74-365585F31B38}] (...) -- C:\Users\Nicole\Desktop\RACCOURCI\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{301CA1BA-5A88-4848-BC80-F507DE75CE5E}] (...) -- C:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B423339-85EA-4338-A6A1-9573D9547C7F}] (...) -- C:\Users\Nicole\Pictures\CHATSCHATONS\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4271ED5C-2249-487B-8435-8F71AE250B77}] (...) -- C:\Users\Nicole\Desktop\RACCOURCI\Snow_for_Windows\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{449EA2DD-0A6B-4787-8002-D99A01591694}] (...) -- C:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{61BB12C8-2223-4ECE-A61A-63ECA2C48378}] (...) -- D:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6D6BDEF1-E2A4-4F07-B866-46440EADA062}] (...) -- C:\Users\Nicole\Desktop\wmp11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7F0048A4-1166-4B6E-BF71-FBFBC26472AB}] (...) -- C:\Users\Nicole\Pictures\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B5DE82AB-B31E-41D8-8290-72422AC2AC7D}] (...) -- c:\Users\Nicole\Downloads\wmp11-windowsxp-x86-FR-FR(2).exe (.not file.) [0]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Web Publishing Wizard 1.52 - {44BBA851-CC51-11CF-AAFA-00AA00B6015C} . (...) -- C:\Windows\INF\wpie4x86.inf
~ Active Setup: 14 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Bell Internet Check-up - (...) [HKLM] -- BellCanada
~ Logic: 20 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Blingee]
[HKCU\Software\IncrediMail]
[HKCU\Software\LFG]
[HKCU\Software\Mixi.DJ]
[HKCU\Software\Rick Jansen]
[HKCU\Software\Roar]
[HKLM\Software\Game_Master_2.1]
[HKLM\Software\IncrediMail]
[HKLM\Software\MyFunCardsbarEI]
[HKLM\Software\MyScrapNook_12EI]
[HKLM\Software\VBMZ] =>PUP.Duuqu
~ Key Software: 283 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-01-09 - 20:45:52 - [9,484] ----D C:\Program Files\BellCanada
O43 - CFD: 2010-06-24 - 17:04:30 - [0,067] ----D C:\Program Files\iWonEI
O43 - CFD: 2011-01-30 - 15:04:44 - [0] ----D C:\Program Files\MyFunCardsbarEI
O43 - CFD: 2013-08-14 - 21:49:52 - [0,789] ----D C:\Program Files\MyScrapNook_12EI
O43 - CFD: 2012-11-22 - 12:58:08 - [0,641] ----D C:\Program Files\Snow for Windows
O43 - CFD: 2010-08-02 - 18:58:32 - [0] ----D C:\Program Files\The_Lynx_Internet_Radio_Network
O43 - CFD: 2013-09-17 - 13:13:30 - [0,004] ----D C:\ProgramData\1E2AA
O43 - CFD: 2013-09-04 - 22:30:40 - [0,004] ----D C:\ProgramData\2811B
O43 - CFD: 2013-09-22 - 22:22:47 - [0,004] ----D C:\ProgramData\2FCB
O43 - CFD: 2011-05-03 - 22:42:24 - [0] ----D C:\ProgramData\IM
O43 - CFD: 2011-05-03 - 22:41:25 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 2010-07-22 - 23:11:54 - [0] ----D C:\ProgramData\iWin Games =>Adware.FunWebProducts)
O43 - CFD: 2013-09-14 - 23:40:45 - [0] ----D C:\Users\Nicole\AppData\Roaming\Scale
O43 - CFD: 2013-01-10 - 14:58:18 - [0] ----D C:\Users\Nicole\AppData\Roaming\WindowsMediaPlayerPackages
O43 - CFD: 2010-09-27 - 17:59:45 - [0] ----D C:\Users\Nicole\AppData\Local\BingoCabin
O43 - CFD: 2010-10-02 - 15:28:59 - [0] ----D C:\Users\Nicole\AppData\Local\BingoCafe
O43 - CFD: 2010-08-09 - 13:09:08 - [0] ----D C:\Users\Nicole\AppData\Local\ICS
O43 - CFD: 2011-05-03 - 22:59:12 - [13,025] ----D C:\Users\Nicole\AppData\Local\IM
~ Program Folder: 232 Legitimates Filtered in 00mn 15s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.14D9A057A082E00116A7A4415051D07C] - 2014-02-17 - 14:14:32 ---A- . (...) -- C:\Windows\System32\WFP.TMF [218228]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2014-02-18 - 14:11:35 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2014-02-18 - 14:11:35 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.8B62056DF918E6DD43506E420306BA38] - 2014-02-23 - 20:23:59 ---A- . (...) -- C:\DelFix.txt [2245]
~ Files: 53 Legitimates Filtered in 01mn 19s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys
~ CSB: 14 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Broadcom Wireless Manager UI [Key] . (...) -- C:\Windows\system32\WLTRAY.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WeatherEye [Key] . (...) -- C:\Users\Nicole\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe (.not file.)
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] - 2004-09-16 - 12:26:40 ---A- . (...) -- C:\Windows\System32\Drivers\ADFUUD.SYS [12634]
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2006-11-02 - 04:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.2306232284AB686AAAA9E82B3A668677] - 2011-07-30 - 12:04:01 ---A- . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys [21064]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2006-11-02 - 04:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.A091EB0E9FFA4397948BB7FBA6386BC9] - 2008-11-12 - 08:58:00 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [54784]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2006-11-02 - 04:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.DF672613FBBCD58C38BB0BC2694BCFB0] - 2009-06-25 - 15:58:10 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [48128]
O58 - SDL:[MD5.9BFB54D3559F2FF7301271D29D383564] - 2009-06-25 - 15:10:48 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [44544]
O58 - SDL:[MD5.DCB87DA83CC1010CBC9FC4DC9E395BBC] - 2009-06-25 - 15:25:58 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 2013-12-13 - 15:03:37 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 2006-11-02 - 04:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2006-11-02 - 04:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 2006-11-02 - 04:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.4B8A9C16B6D9258ED99C512AECB8C555] - 2010-04-19 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2006-11-02 - 02:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2006-11-02 - 02:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2006-11-02 - 02:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2006-11-02 - 02:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2006-11-02 - 02:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2006-11-02 - 02:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2006-11-02 - 02:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2006-11-02 - 02:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2006-11-02 - 02:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2006-11-02 - 02:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2006-11-02 - 02:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2006-11-02 - 02:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2006-11-02 - 02:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 21 Legitimates Filtered in 00mn 38s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BDD893121F47C98332846CC0F44F5E94] [WIS][2011-04-28] (.Bell - C++ Runtime.) -- C:\Windows\Installer\19c213.msi [497664]
[MD5.90D50E1D68A3BA4D0D550BC4BDCBAF18] [WIS][2010-04-16] (.Broadcom Corporation - Blank Project Template.) -- C:\Windows\Installer\6a2e7.msi [919040]
[MD5.DE7BF038AA1FE62BF3181991C961C126] [WIS][2012-10-18] (.Bell - C++ Runtime.) -- C:\Windows\Installer\b928d.msi [498176]
~ WIS: 74 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014-02-20 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 2013-12-13 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 2010-04-16 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
SS - | Auto 2013-04-17 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-04-17 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-04-17 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2005-04-04 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 2014-02-17 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 2006-09-14 73728 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 2008-01-19 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 2013-12-21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2013-12-13 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 2013-12-13 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 2014-01-22 104880 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
SR - | Auto 2010-01-27 319488 | (McciCMService) . (.Alcatel-Lucent.) - C:\Program Files\Common Files\Motive\McciCMService.exe
SR - | Auto 2013-08-08 559552 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SR - | Demand 2006-11-05 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SR - | Auto 2006-11-05 159744 | (RoxWatch9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
SR - | Auto 2014-02-17 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 2008-01-19 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2014-02-23)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8D7BCC95-4B3A-4597-B533-7B32EBE22488}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E82CC23E-EEB4-44c5-8170-17CA5F3E8E77}] =>Toolbar.Blingee
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED42606D-2283-4285-A46A-B4113C9AE1C6}] =>Toolbar.Blingee
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =>Adware.VidSaver
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\iWonEI] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CD2940B-8A54-4EEF-A553-49CCCF0E3603}] =>Adware.MyWebSearch
[HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ
[HKLM\Software\iWinArcade] =>Adware.iWinArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\ProgramData\iWin Games =>Adware.FunWebProducts)^
C:\Program Files\iWonEI =>Adware.MyWebSearch
C:\Users\Nicole\AppData\LocalLow\iWonEI =>Adware.MyWebSearch
~ Additionnel Scan: 243155 Items scanned in 00mn 25s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/35170315-hijacker-dsite =>Hijacker.DSite
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 8 link(s) detected in 00mn 25s



~ 2587 Legitimates filtered by white list
End of the scan (509 lines in 03mn 44s)(0)

tu ne l'as encore pas HÉBERGÉ !!!

je te fais quand même un script