Probleme virus diagnostique ZHP
Fermé
marcopantani
Messages postés
5
Date d'inscription
samedi 22 février 2014
Statut
Membre
Dernière intervention
23 février 2014
-
22 févr. 2014 à 19:07
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 23 févr. 2014 à 11:52
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 23 févr. 2014 à 11:52
A voir également:
- Probleme virus diagnostique ZHP
- Zhp cleaner - Télécharger - Informations & Diagnostic
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Diagnostique pc en ligne - Guide
- Faux message virus ordinateur - Accueil - Arnaque
4 réponses
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
22 févr. 2014 à 19:12
22 févr. 2014 à 19:12
Bonsoir,
Est ce que tu peux poster le rapport ZHPDiag?
Est ce que tu peux poster le rapport ZHPDiag?
marcopantani
Messages postés
5
Date d'inscription
samedi 22 février 2014
Statut
Membre
Dernière intervention
23 février 2014
22 févr. 2014 à 19:39
22 févr. 2014 à 19:39
D'accord, mais mon ordinateur ne demarant plus, j'ai monté mon disque dur en externe sur un autre pc, est il possible de lancer un diagnostique sur systeme qui n'est pas actif mais installé sur un disque branché en externe ?
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
22 févr. 2014 à 19:45
22 févr. 2014 à 19:45
Est ce que tu as essayé de le démarrer en mode sans échec ?
marcopantani
Messages postés
5
Date d'inscription
samedi 22 février 2014
Statut
Membre
Dernière intervention
23 février 2014
22 févr. 2014 à 21:24
22 févr. 2014 à 21:24
oui il plante aprés le chargement des drivers de base (aprés classpnp) qui est le dernier a chargé le croi
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
22 févr. 2014 à 21:35
22 févr. 2014 à 21:35
Tu as windows XP ?
As tu les cd d'installation ?
As tu les cd d'installation ?
marcopantani
Messages postés
5
Date d'inscription
samedi 22 février 2014
Statut
Membre
Dernière intervention
23 février 2014
22 févr. 2014 à 22:03
22 févr. 2014 à 22:03
non c'est windows 7, je n'ai pas les cd, windows était installer à l'achat du pc
marcopantani
Messages postés
5
Date d'inscription
samedi 22 février 2014
Statut
Membre
Dernière intervention
23 février 2014
23 févr. 2014 à 01:12
23 févr. 2014 à 01:12
Voila le rapport quand meme, ce qui m'interesse est ce qui est relatif au disque G et D (celui que j'ai monté en externe sur la machine dont le disque systeme est le disque C)
~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lancé par ON VA TOUT SAUVER (23/02/2014 01:04:15)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 27.0 (Defaut)
GCIE: Google Chrome v33.0.1750.117
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v1.6.2
---\\ Logiciels d'optimisation du système
CCleaner v2.35 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (7%) free of 44 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-PROPRIETA
~ User Name: ON VA TOUT SAUVER
~ All Users Names: ON VA TOUT SAUVER, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\
~ %Desktop% : C:\Users\ON VA TOUT SAUVER\Desktop\
~ %Favorites% : C:\Users\ON VA TOUT SAUVER\Favorites\
~ %LocalAppData% : C:\Users\ON VA TOUT SAUVER\AppData\Local\
~ %StartMenu% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 95 Go of 181 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 116 Go)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 43 Go of 328 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C95CAFE9C53423F24085EA2BC6CD3BB5] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/02/2014 - 14:19:01.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1510
~ Mes musiques (My Musics) : 1/57
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 2/2444
~ Mon Bureau (My Desktop) : 1/492
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 03s
---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3820]
[MD5.BF37DB1F8358D2B1C11CBCCD61516614] - (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe [561152] [PID.3832]
[MD5.22206C8921E91BF457FC70C1531D143D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6281760] [PID.3932]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024] [PID.3988]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.4044]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.4092]
[MD5.A6455ADF66EE2FDD53B81AAE74F40C4C] - (.Microsoft Corporation - SQL Server Service Manager.) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [74308] [PID.2104]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5512]
[MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5020]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.5108]
[MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.6088]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.3864]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\ON VA TOUT SAUVER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 8 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\prefs.js
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\googlefr.xml
M0 - MFSP: prefs.js [ON VA TOUT SAUVER - 1ibgnqgf.default] google
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.jeux-gratuits.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.jeux-gratuits.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msi.com/redirect/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msi.com/redirect/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Heredis 13.lnk . (.BSD Concept - Heredis.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Planète Généalogie.lnk . (...) -- C:\Program Files\BSD Concept\Planète Généalogie\PlaneteGenealogie.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Program [ON VA TOUT SAUVER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [ON VA TOUT SAUVER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: Stellar Phoenix Windows Data Recovery - Home.lnk . (.Stellar Information Systems Ltd. - Windows data Recovery.) -- C:\Program Files\Stellar Phoenix Windows Data Recovery\spwdrhfa.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 61 Legitimates Filtered in 00mn 01s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Service Manager.lnk . (.Microsoft Corporation - SQL Server Service Manager.) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [MGSysCtrl] . (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3936009603-166741076-562102811-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3936009603-166741076-562102811-1001\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (...) - C:\Program Files\Avira\AntiVir Desktop\sched.exe (.not file.)
O23 - Service: Avira AntiVir Guard (AntiVirService) . (...) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (.not file.)
O23 - Service: SCM Driver Daemon (NishService) . (...) - C:\Program Files\System Control Manager\edd.exe
~ Services: 6 Legitimates Filtered in 00mn 08s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Java] (...) -- C:\Program Files\Java\jre6\bin\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{131FDD76-D367-43C1-AAF0-E52E813C0F2A}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\vegas70e_fra.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C991E773-425C-44DD-AA6E-41257E334CFA}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\totalpack.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CCC3EDF1-2C42-4E22-B338-5E3840CCAA53}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\RegCleaner.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 03s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
~ Drivers: 96 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\CToolbar]
~ Key Software: 221 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2011 - 15:05:18 - [114,528] ----D C:\Program Files\PoP1-Total Pack
O43 - CFD: 05/04/2012 - 14:10:56 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 25/08/2013 - 21:49:44 - [0,065] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 05/09/2010 - 15:34:46 - [16,521] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 05/07/2012 - 06:55:28 - [0,812] ----D C:\Users\ON VA TOUT SAUVER\AppData\Roaming\hellomoto
~ Program Folder: 169 Legitimates Filtered in 00mn 30s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{41c7bc76-c475-11de-85e7-002421624281}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{c8dae2b9-5a77-11df-9dae-002421624281}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.ZMBV"="zmbv.dll" . (...) -- C:\Windows\System32\zmbv.dll
~ TDSD: 10 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 09/12/2013 - 19:33:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 29/12/2013 - 17:37:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/12/2009 - 18:17:05 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [96104]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.113384367C3999E084FE156B18C7625E] - 04/01/2012 - 15:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16128]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.E5292521916CEA4937FBABCB1532F676] - 22/12/2006 - 14:21:52 ---A- . (.Windows (R) Codename Longhorn DDK provider - MGHwCtrl Driver using WDF.) -- C:\Windows\System32\Drivers\MGHwCtrl.sys [19456]
O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 25/07/2009 - 19:34:19 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 14:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (...) -- C:\Windows\System32\giveio.sys [5248]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/12/2006 - C:\Windows\system32\drivers\MGHwCtrl.sys (MGHwCtrl) .(.Windows (R) Codename Longhorn DDK provider - MGHwCtrl Driver using WDF.) - LEGACY_MGHWCTRL
~ Legacy: 80 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\askcom.xml
O69 - SBI: SearchScopes [HKCU] {D428E8BF-1C7B-407F-B8AA-9186F1B88D36} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.ECCA2169880647E0A3E6650A582EDA04] [SPRF][16/09/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FADE17DD-1237-4647-981B-A42946E2D46D}D:\pro cycling manager - season 2009\pcm.exe" |In - Public - P6 - TRUE | .(...) -- D:\pro cycling manager - season 2009\pcm.exe (.not file.)
O87 - FAEL: "UDP Query User{28A69AB0-DA9E-459C-9DC1-7AAF60AEFE67}D:\pro cycling manager - season 2009\pcm.exe" |In - Public - P17 - TRUE | .(...) -- D:\pro cycling manager - season 2009\pcm.exe (.not file.)
O87 - FAEL: "{4F4B30EB-088D-4147-8090-16583B4774B4}" |In - Private - P6 - FALSE | .(...) -- D:\fm.exe (.not file.)
O87 - FAEL: "{00FE2410-D388-4C60-906B-EDAB83C3E55D}" |In - Private - P17 - FALSE | .(...) -- D:\fm.exe (.not file.)
O87 - FAEL: "{2B3179C0-4536-4731-8B87-D74B010D26DD}" |In - None - P6 - TRUE | .(...) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (.not file.)
O87 - FAEL: "{72065031-1BF3-4F91-B949-0DE7443A32EA}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (.not file.)
O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "{204A6AA5-9247-4962-B215-AE31E13E695F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe (.not file.)
O87 - FAEL: "TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" |In - Public - P17 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" |In - Public - P6 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
~ Firewall: 266 Legitimates Filtered in 00mn 02s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E1F3EB3A2742112478538E32B94ED9F9" . (.Ulead Burn.Now 4.5.) -- C:\Windows\Installer\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\ARPPRODUCTICON.exe
~ Update Products: 58 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AntiVirSchedulerService) . (...) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 10/07/1658 0 | (AntiVirService) . (...) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 29/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 29/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 08/09/2008 704512 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 29/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 20/01/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 23/08/2007 61440 | (NishService) . (...) - C:\Program Files\System Control Manager\edd.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse] =>Adware.QuestBrowse
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA] =>Adware.ClickPotato
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\CToolbar] =>Toolbar.Crawler
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\ON VA TOUT SAUVER\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
~ Additionnel Scan: 250076 Items scanned in 00mn 44s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26630192-adware-clicpotato =>Adware.ClickPotato
~ http://nicolascoolman.webs.com/apps/blog/show/27442025-adware-questbrowse =>Adware.QuestBrowse
~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites
~ MSI: 6 link(s) detected in 00mn 44s
~ 1095 Legitimates filtered by white list
End of the scan (479 lines in 02mn 53s)(0)
~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lancé par ON VA TOUT SAUVER (23/02/2014 01:04:15)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 27.0 (Defaut)
GCIE: Google Chrome v33.0.1750.117
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v1.6.2
---\\ Logiciels d'optimisation du système
CCleaner v2.35 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (7%) free of 44 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-PROPRIETA
~ User Name: ON VA TOUT SAUVER
~ All Users Names: ON VA TOUT SAUVER, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\
~ %Desktop% : C:\Users\ON VA TOUT SAUVER\Desktop\
~ %Favorites% : C:\Users\ON VA TOUT SAUVER\Favorites\
~ %LocalAppData% : C:\Users\ON VA TOUT SAUVER\AppData\Local\
~ %StartMenu% : C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 95 Go of 181 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 116 Go)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 43 Go of 328 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C95CAFE9C53423F24085EA2BC6CD3BB5] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/02/2014 - 14:19:01.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1510
~ Mes musiques (My Musics) : 1/57
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 2/2444
~ Mon Bureau (My Desktop) : 1/492
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 03s
---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3820]
[MD5.BF37DB1F8358D2B1C11CBCCD61516614] - (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe [561152] [PID.3832]
[MD5.22206C8921E91BF457FC70C1531D143D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6281760] [PID.3932]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024] [PID.3988]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.4044]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.4092]
[MD5.A6455ADF66EE2FDD53B81AAE74F40C4C] - (.Microsoft Corporation - SQL Server Service Manager.) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [74308] [PID.2104]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5512]
[MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5020]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.5108]
[MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.6088]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.3864]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\ON VA TOUT SAUVER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 8 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\prefs.js
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [ON VA TOUT SAUVER] -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\googlefr.xml
M0 - MFSP: prefs.js [ON VA TOUT SAUVER - 1ibgnqgf.default] google
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.jeux-gratuits.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.jeux-gratuits.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msi.com/redirect/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msi.com/redirect/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Heredis 13.lnk . (.BSD Concept - Heredis.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Planète Généalogie.lnk . (...) -- C:\Program Files\BSD Concept\Planète Généalogie\PlaneteGenealogie.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [ON VA TOUT SAUVER]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Program [ON VA TOUT SAUVER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [ON VA TOUT SAUVER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: Stellar Phoenix Windows Data Recovery - Home.lnk . (.Stellar Information Systems Ltd. - Windows data Recovery.) -- C:\Program Files\Stellar Phoenix Windows Data Recovery\spwdrhfa.exe
O4 - GS\Desktop [ON VA TOUT SAUVER]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ON VA TOUT SAUVER\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 61 Legitimates Filtered in 00mn 01s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Service Manager.lnk . (.Microsoft Corporation - SQL Server Service Manager.) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [MGSysCtrl] . (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3936009603-166741076-562102811-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3936009603-166741076-562102811-1001\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{72F151B8-DAB0-4BBE-9AF1-5FEEB9ABF05F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (...) - C:\Program Files\Avira\AntiVir Desktop\sched.exe (.not file.)
O23 - Service: Avira AntiVir Guard (AntiVirService) . (...) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (.not file.)
O23 - Service: SCM Driver Daemon (NishService) . (...) - C:\Program Files\System Control Manager\edd.exe
~ Services: 6 Legitimates Filtered in 00mn 08s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Java] (...) -- C:\Program Files\Java\jre6\bin\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{131FDD76-D367-43C1-AAF0-E52E813C0F2A}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\vegas70e_fra.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C991E773-425C-44DD-AA6E-41257E334CFA}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\totalpack.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CCC3EDF1-2C42-4E22-B338-5E3840CCAA53}] (...) -- C:\Users\ON VA TOUT SAUVER\Downloads\RegCleaner.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 03s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\System32\DRIVERS\avipbb.sys
~ Drivers: 96 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\CToolbar]
~ Key Software: 221 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2011 - 15:05:18 - [114,528] ----D C:\Program Files\PoP1-Total Pack
O43 - CFD: 05/04/2012 - 14:10:56 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 25/08/2013 - 21:49:44 - [0,065] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 05/09/2010 - 15:34:46 - [16,521] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 05/07/2012 - 06:55:28 - [0,812] ----D C:\Users\ON VA TOUT SAUVER\AppData\Roaming\hellomoto
~ Program Folder: 169 Legitimates Filtered in 00mn 30s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{41c7bc76-c475-11de-85e7-002421624281}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{c8dae2b9-5a77-11df-9dae-002421624281}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.ZMBV"="zmbv.dll" . (...) -- C:\Windows\System32\zmbv.dll
~ TDSD: 10 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 09/12/2013 - 19:33:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 29/12/2013 - 17:37:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/12/2009 - 18:17:05 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [56816]
O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\Windows\System32\Drivers\avipbb.sys [96104]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.113384367C3999E084FE156B18C7625E] - 04/01/2012 - 15:28:36 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16128]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.E5292521916CEA4937FBABCB1532F676] - 22/12/2006 - 14:21:52 ---A- . (.Windows (R) Codename Longhorn DDK provider - MGHwCtrl Driver using WDF.) -- C:\Windows\System32\Drivers\MGHwCtrl.sys [19456]
O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 25/07/2009 - 19:34:19 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 14:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (...) -- C:\Windows\System32\giveio.sys [5248]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/12/2006 - C:\Windows\system32\drivers\MGHwCtrl.sys (MGHwCtrl) .(.Windows (R) Codename Longhorn DDK provider - MGHwCtrl Driver using WDF.) - LEGACY_MGHWCTRL
~ Legacy: 80 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\ON VA TOUT SAUVER\AppData\Roaming\Mozilla\Firefox\Profiles\1ibgnqgf.default\searchplugins\askcom.xml
O69 - SBI: SearchScopes [HKCU] {D428E8BF-1C7B-407F-B8AA-9186F1B88D36} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.ECCA2169880647E0A3E6650A582EDA04] [SPRF][16/09/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FADE17DD-1237-4647-981B-A42946E2D46D}D:\pro cycling manager - season 2009\pcm.exe" |In - Public - P6 - TRUE | .(...) -- D:\pro cycling manager - season 2009\pcm.exe (.not file.)
O87 - FAEL: "UDP Query User{28A69AB0-DA9E-459C-9DC1-7AAF60AEFE67}D:\pro cycling manager - season 2009\pcm.exe" |In - Public - P17 - TRUE | .(...) -- D:\pro cycling manager - season 2009\pcm.exe (.not file.)
O87 - FAEL: "{4F4B30EB-088D-4147-8090-16583B4774B4}" |In - Private - P6 - FALSE | .(...) -- D:\fm.exe (.not file.)
O87 - FAEL: "{00FE2410-D388-4C60-906B-EDAB83C3E55D}" |In - Private - P17 - FALSE | .(...) -- D:\fm.exe (.not file.)
O87 - FAEL: "{2B3179C0-4536-4731-8B87-D74B010D26DD}" |In - None - P6 - TRUE | .(...) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (.not file.)
O87 - FAEL: "{72065031-1BF3-4F91-B949-0DE7443A32EA}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (.not file.)
O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "{204A6AA5-9247-4962-B215-AE31E13E695F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe (.not file.)
O87 - FAEL: "TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" |In - Public - P17 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
O87 - FAEL: "{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" |In - Public - P6 - TRUE | .(...) -- C:\program files\hexchat\hexchat.exe (.not file.)
~ Firewall: 266 Legitimates Filtered in 00mn 02s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E1F3EB3A2742112478538E32B94ED9F9" . (.Ulead Burn.Now 4.5.) -- C:\Windows\Installer\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\ARPPRODUCTICON.exe
~ Update Products: 58 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (AntiVirSchedulerService) . (...) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 10/07/1658 0 | (AntiVirService) . (...) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 29/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 29/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 08/09/2008 704512 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 29/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 20/01/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 23/08/2007 61440 | (NishService) . (...) - C:\Program Files\System Control Manager\edd.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 18
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse] =>Adware.QuestBrowse
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA] =>Adware.ClickPotato
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\CToolbar] =>Toolbar.Crawler
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\ON VA TOUT SAUVER\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
~ Additionnel Scan: 250076 Items scanned in 00mn 44s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26630192-adware-clicpotato =>Adware.ClickPotato
~ http://nicolascoolman.webs.com/apps/blog/show/27442025-adware-questbrowse =>Adware.QuestBrowse
~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites
~ MSI: 6 link(s) detected in 00mn 44s
~ 1095 Legitimates filtered by white list
End of the scan (479 lines in 02mn 53s)(0)
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
23 févr. 2014 à 11:52
23 févr. 2014 à 11:52
Bonjour,
----
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 95 Go of 181 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 116 Go)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 43 Go of 328 Go)
======================
1/
Commence par désinstaller Spybot, il ne sert à rien!
2/
Télécharge : AdwCleaner (merci à Xplode)
Lance AdwCleaner
Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
Poste le rapport qui apparait en fin de recherche.
(Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)
----------------------------
Pour éviter d'avoir des publicités et des toolbars, tu peux lire <<< ceci >>>
@+
non c'est windows 7, je n'ai pas les cd, windows était installer à l'achat du pcTu as plutôt windows vista n'est ce pas (Windows Vista Home Premium, 32-bit Service Pack 2 )
----
Voila le rapport quand meme, ce qui m'interesse est ce qui est relatif au disque G et DVoilà tous les disques détectés par ZHPDiag:
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 95 Go of 181 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 116 Go)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 43 Go of 328 Go)
======================
1/
Commence par désinstaller Spybot, il ne sert à rien!
2/
Télécharge : AdwCleaner (merci à Xplode)
Lance AdwCleaner
Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
Poste le rapport qui apparait en fin de recherche.
(Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)
----------------------------
Pour éviter d'avoir des publicités et des toolbars, tu peux lire <<< ceci >>>
@+
