Infection de PsdCheckER !

# AdwCleaner v3.018 - Rapport créé le 16/02/2014 à 18:34:31
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : flori_000 - TOSH
# Exécuté depuis : C:\Users\flori_000\Downloads\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Présent : C:\Users\flori_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Dossier Présent : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v32.0.1700.76

[ Fichier : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Fichier : C:\Users\flori_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Il m'a mis ça comme rapport :
*************************

AdwCleaner[R1].txt - [1518 octets] - [16/02/2014 18:34:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1578 octets] ##########
# AdwCleaner v3.018 - Rapport créé le 16/02/2014 à 18:38:51
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : flori_000 - TOSH
# Exécuté depuis : C:\Users\flori_000\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Users\flori_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Dossier Supprimé : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v32.0.1700.76

[ Fichier : C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Fichier : C:\Users\flori_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [1666 octets] - [16/02/2014 18:34:31]
AdwCleaner[S1].txt - [1586 octets] - [16/02/2014 18:38:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1646 octets] ##########

Maintenant tu fais la partie zhpdiag, comme proposé à la fin de mon premier post.

Script ZHPFix
~ Rapport de ZHPDiag v2014.4.24.43 - Nicolas Coolman (24/04/2014)
~ Lancé par Florine (26/04/2014 19:33:58)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16863
GCIE: Google Chrome v32.0.1700.76 (Defaut)
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.1.0.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : RM2MG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Spybot - Search & Destroy v2.1.19
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 51

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3683 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 425 GB (72%) free of 584 GB

---\\ Mode de connexion au système
~ Computer Name: TOSH
~ User Name: Florine
~ All Users Names: HomeGroupUser$, Florine, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Florine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Florine\AppData\Roaming\
~ %Desktop% : C:\Users\Florine\Desktop\
~ %Favorites% : C:\Users\Florine\Favorites\
~ %LocalAppData% : C:\Users\Florine\AppData\Local\
~ %StartMenu% : C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 425 Go of 584 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.07/03/2014 - 01:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1904
~ Mes musiques (My Musics) : 2/1448
~ Mes Videos (My Videos) : 2/261
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/1177
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 13s



---\\ Processus lancés
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.3000]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.4348]
[MD5.E0923A875F209557BA312912BB3C83D6] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328] [PID.1412]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2144]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2864]
[MD5.09E9425AD8C61664A37ED84B8B58BDCF] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224] [PID.4288]
[MD5.D3242FF9E28EAFC77EACB2B8956724C3] - (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240] [PID.4784]
[MD5.F1BA2F00F892B3C029C5B88E0C1C103E] - (.Pas de propriétaire - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [4624240] [PID.2244]
[MD5.A51008DA51494B89E1593076B7AFE7B1] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [395120] [PID.5772]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.4024]
[MD5.0CED501E811F5C4745415FCC000CE043] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.1092]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.3888]
[MD5.80372D68706078E41AEC519F4EA48B5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.5508]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Florine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bmhegieehkplplchfibgddjnjlanakgo] PsDChecker v.5.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pfglnpdpgmecffbejlfgpnebopinlclj] SiteBlock v.0.2.3 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = https://search.us.com/ =>PUP.StartSearch
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Pinnacle VideoSpin.lnk . (.Pinnacle Systems - Pinnacle VideoSpin program file.) -- C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
O4 - GS\Desktop [Public]: RAR File Open Knife - Free Opener.lnk . (...) -- C:\Program Files (x86)\RAR File Open Knife - Free Opener\RARFileOpenKnife.exe
O4 - GS\Desktop [Public]: Recovery Media Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TOSHIBA Recovery Media Creator Launcher.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: PaintTool SAI Ver.1.lnk . (...) -- C:\Users\Florine\Desktop\PaintToolSAI\sai.exe (.not file.)
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Florine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Florine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Florine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Florine]: sai.lnk . (...) -- C:\Users\Florine\Downloads\PaintTool SAI\sai.exe
O4 - GS\Program [Florine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Florine]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
~ Global Startup: 57 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SRS Premium Sound HD] . (.SRS Labs, Inc. - SRS Control Panel.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TODDMain] . (.Pas de propriétaire - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TPUReg] . (.Pegatron Corporation - TOSHIBA Password Utility.) -- C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-21-1387591178-3323154573-181881307-1052\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4856A097-40E4-4713-91A7-D64CEE5618C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4856A097-40E4-4713-91A7-D64CEE5618C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 14 Legitimates Filtered in 00mn 42s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Filseclab]
[HKCU\Software\TPUKey]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Wow6432Node\Filseclab]
[HKLM\Software\Wow6432Node\SWEETIM] =>PUP.SweetIM
~ Key Software: 240 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/04/2014 - 17:48:55 - [] ----D C:\Program Files (x86)\MiniGet
O43 - CFD: 03/02/2014 - 21:00:29 - [] ----D C:\ProgramData\bmhegieehkplplchfibgddjnjlanakgo
O43 - CFD: 13/02/2014 - 21:52:20 - [] ----D C:\ProgramData\CDB
O43 - CFD: 26/04/2014 - 17:26:54 - [] ----D C:\ProgramData\dealsteer
O43 - CFD: 26/04/2014 - 17:26:55 - [] ----D C:\ProgramData\dealstter
O43 - CFD: 13/02/2014 - 21:31:21 - [] ----D C:\ProgramData\f0a12ec7e8e27700
O43 - CFD: 15/04/2014 - 16:48:06 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 27/01/2014 - 20:54:29 - [] ----D C:\ProgramData\jnllnbaabeifgpeeogmobmdhnamophac
O43 - CFD: 26/04/2014 - 17:26:54 - [] ----D C:\ProgramData\PsDChecker
O43 - CFD: 25/04/2014 - 20:05:35 - [] ----D C:\Users\Florine\AppData\Roaming\MiniGet
O43 - CFD: 26/04/2014 - 18:10:59 - [] ----D C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 131 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 13/04/2014 - 19:52:28 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/04/2014 - 17:12:55 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 44 Legitimates Filtered in 00mn 14s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:30/03/2014 - 19:11:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:30/03/2014 - 19:11:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:03/12/2012 - 16:36:34 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [13728]
O58 - SDL:28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:17/09/2013 - 21:33:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:31/07/2012 - 20:28:54 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [28632]
~ Drivers: 17 Legitimates Filtered in 00mn 10s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D53BBD90-F2A4-4546-A252-8FCA5F387151}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Florine\Downloads\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E9F273BD-5E3B-4357-94B1-45BF45DD82F5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Florine\Downloads\utorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 05s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASMANCS =>PUP.CrimSolite
~ BTK: 34 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 17/02/2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 07/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/01/2013 116240 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 156672 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 05/12/2012 201872 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Demand 27/07/2012 53384 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 25/08/2012 291240 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 28/07/2012 458152 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 11/12/2012 619904 | (WTabletServiceCon) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
~ Services: Scanned in 00mn 29s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (24/04/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 3

[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKLM\Software\Wow6432Node\SWEETIM] =>PUP.SweetIM^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
C:\Users\Florine\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 202546 Items scanned in 01mn 49s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.webs.com/apps/blog/show/26633218-rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/42060394-pup-crimsolite =>PUP.CrimSolite
~ MSI: 6 link(s) detected in 00mn 00s



~ 621 Legitimates filtered by white list

Voilà qu'est ce que je dois faire maintenant ? :)

tu lances zhpfix,

tu importes ce script:

Script ZHPFix
ShortcutFix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G2 - GCE: Preference [User Data\Default] [bmhegieehkplplchfibgddjnjlanakgo] PsDChecker v.5.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pfglnpdpgmecffbejlfgpnebopinlclj] SiteBlock v.0.2.3 (Activé)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = <http://search.us.com> =>PUP.StartSearch
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Desktop [Florine]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
[HKCU\Software\Filseclab]
[HKCU\Software\TPUKey]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Wow6432Node\Filseclab]
[HKLM\Software\Wow6432Node\SWEETIM] =>PUP.SweetIM
O43 - CFD: 26/04/2014 - 17:48:55 - [] ----D C:\Program Files (x86)\MiniGet
O43 - CFD: 03/02/2014 - 21:00:29 - [] ----D C:\ProgramData\bmhegieehkplplchfibgddjnjlanakgo
O43 - CFD: 13/02/2014 - 21:52:20 - [] ----D C:\ProgramData\CDB
O43 - CFD: 26/04/2014 - 17:26:54 - [] ----D C:\ProgramData\dealsteer
O43 - CFD: 26/04/2014 - 17:26:55 - [] ----D C:\ProgramData\dealstter
O43 - CFD: 13/02/2014 - 21:31:21 - [] ----D C:\ProgramData\f0a12ec7e8e27700
O43 - CFD: 15/04/2014 - 16:48:06 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 27/01/2014 - 20:54:29 - [] ----D C:\ProgramData\jnllnbaabeifgpeeogmobmdhnamophac
O43 - CFD: 26/04/2014 - 17:26:54 - [] ----D C:\ProgramData\PsDChecker
O43 - CFD: 25/04/2014 - 20:05:35 - [] ----D C:\Users\Florine\AppData\Roaming\MiniGet
O43 - CFD: 26/04/2014 - 18:10:59 - [] ----D C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 13/04/2014 - 19:52:28 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/04/2014 - 17:12:55 ---A- . (...) -- C:\autoexec.bat [0]
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASMANCS =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASAPI32 =>PUP.CrimSolite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASMANCS =>PUP.CrimSolite
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKLM\Software\Wow6432Node\SWEETIM] =>PUP.SweetIM^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
C:\Users\Florine\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
ProxyFix
EmptyPrefetch
EmptyFlash
SysRestore
FirewallRAZ
EmptyTemp


Et tu cliques sur GO pour nettoyer.
un rapport ce créera, tu le postes.

Ensuite tu refais un coup de zhpdiag et tu poste le rapport.

Désinstalle spybot, il ne sert à rien et il ralentit ton poste.

Premier rapport de zhpfix :

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Florine at 26/04/2014 23:26:45
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Corbeille vidée (00mn 03s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Clés du Registre ==========
SUPPRIMÉ: HKCU\Software\Filseclab
SUPPRIMÉ: HKCU\Software\TPUKey
SUPPRIMÉ:* HKLM\Software\Reimage
SUPPRIMÉ: HKLM\Software\Wow6432Node\Filseclab
SUPPRIMÉ: HKLM\Software\Wow6432Node\SWEETIM
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crimsolite_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatecrimsolite_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilcrimsolite_RASMANCS

========== Valeurs du Registre ==========
SUPPRIMÉ MWPS Value: EnableUIADesktopToggle
SUPPRIMÉ MWPS Value: FilterAdministratorToken
SUPPRIMÉ MWPE Value: NoActiveDesktopChanges
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIMÉ ProxyServer Value
SUPPRIMÉ ProxyEnable Value
SUPPRIMÉ EnableHttp1_1 Value
SUPPRIMÉ ProxyHttp1.1 Value
SUPPRIMÉ ProxyOverride Value
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
SUPPRIMÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
SUPPRIMÉ: FirewallRaz (None) : {C27433CA-89F9-4DA3-A887-3AB4A21E0549}
SUPPRIMÉ: FirewallRaz (None) : {6A5B4966-30E4-4FA9-8D3E-4A720601E5AC}

========== Eléments de donnée du Registre ==========
REMPLACÉ Value NoActiveDesktopChanges : Good (0) - Bad (1)
SUPPRIMÉ: R1 Search Page =

========== Préférences navigateur ==========
SUPPRIMÉ Folder Chrome: C:\Users\Florine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhegieehkplplchfibgddjnjlanakgo

========== Dossiers ==========
SUPPRIMÉ: C:\Users\Florine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhegieehkplplchfibgddjnjlanakgo
SUPPRIMÉ: C:\Program Files (x86)\MiniGet
SUPPRIMÉ: C:\ProgramData\bmhegieehkplplchfibgddjnjlanakgo
SUPPRIMÉ: C:\ProgramData\CDB
SUPPRIMÉ: C:\ProgramData\dealsteer
SUPPRIMÉ: C:\ProgramData\dealstter
SUPPRIMÉ: C:\ProgramData\f0a12ec7e8e27700
SUPPRIMÉ: C:\ProgramData\InstallMate
SUPPRIMÉ: C:\ProgramData\jnllnbaabeifgpeeogmobmdhnamophac
SUPPRIMÉ: C:\ProgramData\PsDChecker
SUPPRIMÉ: C:\Users\Florine\AppData\Roaming\MiniGet
SUPPRIMÉ: C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
SUPPRIMÉS Flash Cookies (0)
SUPPRIMÉS Temporaires Windows (30)

========== Fichiers ==========
SUPPRIMÉ: c:\users\florine\appdata\local\google\chrome\user data\default\preferences
SUPPRIMÉ: c:\users\florine\desktop\spyhunter.lnk
SUPPRIMÉ Redémarrage: c:\windows\system32\apndatabase.xml
SUPPRIMÉ: c:\autoexec.bat
SUPPRIMÉ: C:\Windows\Reimage.ini
SUPPRIMÉS Flash Cookies (0) (0 octets)
SUPPRIMÉS Temporaires Windows (187) (124 416 569 octets)

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
11 : Clés du Registre
14 : Valeurs du Registre
2 : Eléments de donnée du Registre
14 : Dossiers
7 : Fichiers
1 : Préférences navigateur
1 : Restauration Système


End of clean in 00mn 25s

========== Chemin de fichier rapport ==========
C:\Users\Florine\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/04/2014 23:26:49 [3583]


Deuxième rapport :

~ Rapport de ZHPDiag v2014.4.24.43 - Nicolas Coolman (24/04/2014)
~ Lancé par Florine (26/04/2014 23:29:40)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16863
GCIE: Google Chrome v32.0.1700.76 (Defaut)
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.1.0.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : RM2MG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Spybot - Search & Destroy v2.1.19
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 51

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3683 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 429 GB (73%) free of 584 GB

---\\ Mode de connexion au système
~ Computer Name: TOSH
~ User Name: Florine
~ All Users Names: HomeGroupUser$, Florine, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Florine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Florine\AppData\Roaming\
~ %Desktop% : C:\Users\Florine\Desktop\
~ %Favorites% : C:\Users\Florine\Favorites\
~ %LocalAppData% : C:\Users\Florine\AppData\Local\
~ %StartMenu% : C:\Users\Florine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 429 Go of 584 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.07/03/2014 - 01:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1904
~ Mes musiques (My Musics) : 2/1448
~ Mes Videos (My Videos) : 2/261
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/1177
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.3000]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.4348]
[MD5.E0923A875F209557BA312912BB3C83D6] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328] [PID.1412]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2144]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2864]
[MD5.09E9425AD8C61664A37ED84B8B58BDCF] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224] [PID.4288]
[MD5.D3242FF9E28EAFC77EACB2B8956724C3] - (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240] [PID.4784]
[MD5.F1BA2F00F892B3C029C5B88E0C1C103E] - (.Pas de propriétaire - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [4624240] [PID.2244]
[MD5.A51008DA51494B89E1593076B7AFE7B1] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [395120] [PID.5772]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.4024]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.6272]
[MD5.80372D68706078E41AEC519F4EA48B5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.6872]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Florine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Pinnacle VideoSpin.lnk . (.Pinnacle Systems - Pinnacle VideoSpin program file.) -- C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
O4 - GS\Desktop [Public]: RAR File Open Knife - Free Opener.lnk . (...) -- C:\Program Files (x86)\RAR File Open Knife - Free Opener\RARFileOpenKnife.exe
O4 - GS\Desktop [Public]: Recovery Media Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TOSHIBA Recovery Media Creator Launcher.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: PaintTool SAI Ver.1.lnk . (...) -- C:\Users\Florine\Desktop\PaintToolSAI\sai.exe (.not file.)
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Florine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Florine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Florine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Florine]: sai.lnk . (...) -- C:\Users\Florine\Downloads\PaintTool SAI\sai.exe
O4 - GS\Program [Florine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 56 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SRS Premium Sound HD] . (.SRS Labs, Inc. - SRS Control Panel.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TODDMain] . (.Pas de propriétaire - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TPUReg] . (.Pegatron Corporation - TOSHIBA Password Utility.) -- C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-21-1387591178-3323154573-181881307-1052\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4856A097-40E4-4713-91A7-D64CEE5618C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4856A097-40E4-4713-91A7-D64CEE5618C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 14 Legitimates Filtered in 02mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 13/04/2014 - 19:52:28 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
~ Files: 43 Legitimates Filtered in 00mn 32s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:30/03/2014 - 19:11:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:30/03/2014 - 19:11:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:03/12/2012 - 16:36:34 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [13728]
O58 - SDL:28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:17/09/2013 - 21:33:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:31/07/2012 - 20:28:54 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [28632]
~ Drivers: 15 Legitimates Filtered in 00mn 20s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D53BBD90-F2A4-4546-A252-8FCA5F387151}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Florine\Downloads\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E9F273BD-5E3B-4357-94B1-45BF45DD82F5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Florine\Downloads\utorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 18s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 17/02/2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 07/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/01/2013 116240 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 156672 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 05/12/2012 201872 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Demand 27/07/2012 53384 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 25/08/2012 291240 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 28/07/2012 458152 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 11/12/2012 619904 | (WTabletServiceCon) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
~ Services: Scanned in 01mn 26s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (24/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 199852 Items scanned in 05mn 12s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



~ 601 Legitimates filtered by white list
End of the scan (328 lines in 12mn 13s)(0)

Merci pour ton aide :)