~ Rapport de ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014) ~ Lancé par Jean Claude (08/02/2014 15:49:51) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16476 (Defaut) MFIE: Mozilla Firefox 26.0 GCIE: Google Chrome v32.0.1700.107 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8.1, 64-bit (Build 9600) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : F6V36 Windows License : OK ~ Windows Remaining Initializations Number : 999 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Kaspersky Anti-Virus v14.0.0.4651 Windows Defender W8 ---\\ Logiciels d'optimisation du système CCleaner v4.10 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer eMule ---\\ Surveillance de Logiciels Adobe Flash Player 12 Plugin Adobe Reader XI Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3981 MB (62% free) System Restore: Activé (Enable) System drive C: has 161 GB (84%) free of 191 GB ---\\ Mode de connexion au système ~ Computer Name: JEANCLAUDE ~ User Name: Jean Claude ~ All Users Names: Jean Claude, HomeGroupUser$, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Utilisateur\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\ ~ %Desktop% : C:\Users\Utilisateur\Desktop\ ~ %Favorites% : D:\Favorites\ ~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\ ~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 161 Go of 191 Go) D: Hard drive, Flash drive, Thumb drive (Free 53 Go of 90 Go) F: CD-ROM drive (Not Inserted) Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 46 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.02/12/2013 - 21:02:32.) -- C:\Windows\Explorer.exe [2328872] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736] [MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656] [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/1185 ~ Mes musiques (My Musics) : 1/1626 ~ Mes Videos (My Videos) : 2/41 ~ Mes Favoris (My Favorites) : 1/136 ~ Mes Documents (My Documents) : 2/522 ~ Mon Bureau (My Desktop) : 1/8 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.CB60C7455AC362CAA58458A613908B7F] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [476056] [PID.1624] [MD5.4CCF76ED78F461670FA2854F8E97820E] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [992960] [PID.2536] [MD5.553E4F70B5CAA6A6F910E5AF8186132C] - (.Pas de propriétaire - Orange Wifi Application.) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe [1947000] [PID.4240] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4276] [MD5.63E9C23A386FFFA84B5E03BFF9B628F0] - (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096] [PID.4348] [MD5.8DFFBFDDD42E6F864616784C5B9411BB] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [393216] [PID.4360] [MD5.10A9F9D0487EA73CA9C641BDB64CDE86] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [1327104] [PID.4504] [MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.2776] [MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.2976] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\fy25jj3b.default\prefs.js M2 - MFEP: prefs.js [Jean Claude - fy25jj3b.default\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com] [] The weDownload Manager v (..) =>PUP.weDownloadManager ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom ~ IE Browser: 22 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Brother Utilities.lnk . (.Brother Industories, Ltd. - Application Launcher.) -- C:\Program Files (x86)\Brother\BrLauncher\BrLauncher.exe O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\Desktop [Public]: Kaspersky Anti-Virus.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe O4 - GS\Desktop [Public]: wifi d'Orange.lnk . (...) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ~ Global Startup: 37 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKCU\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe O4 - HKLM\..\Wow6432Node\Run: [Start_OrangeWifi_{9d78a505-6248-4d1b-81b6-df69655beccf}] . (.Pas de propriétaire - Orange Wifi Application.) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe O4 - HKLM\..\Wow6432Node\Run: [Start_Update_{9d78a505-6248-4d1b-81b6-df69655beccf}] . (.Pas de propriétaire - Orange Updater.) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\UpdteApp.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe O4 - HKUS\S-1-5-21-3428673392-3501539999-226193709-1001\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKUS\S-1-5-21-3428673392-3501539999-226193709-1001\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKUS\S-1-5-21-3428673392-3501539999-226193709-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{3F214245-3FED-4B16-9BB1-71FB88CAD87F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB2CCC4-A48C-43F2-88F9-245ABE13878B}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3F214245-3FED-4B16-9BB1-71FB88CAD87F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5CB2CCC4-A48C-43F2-88F9-245ABE13878B}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\MOVIES~1\Datamngr\x64\mgrldr.dll (.not file.) =>PUP.Datamngr ~ AppInit DLL: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-chromeinstaller.job [1946] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-codedownloader.job [1238] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-firefoxinstaller.job [1872] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\The weDownload Manager-codedownloader.job [1582] =>PUP.weDownloadManager O39 - APT:Automatic Planified Task - C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job [2576] =>PUP.weDownloadManager [MD5.64A52DA2B81C2E6DD902D4BF10E3DBB1] [APT] [The weDownload Manager-codedownloader] (.weDownload.) -- C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [553984] =>PUP.weDownloadManager [MD5.C5ACBCA9BCE48F850D37FCFC317734DA] [APT] [The weDownload Manager-firefoxinstaller] (.weDownload.) -- C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [932352] =>PUP.weDownloadManager ~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s ---\\ Logiciels installés (O42) O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508} O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail O42 - Logiciel: WPM17.8.0.3159 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager ~ Logic: 24 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN DTX] [HKCU\Software\BI] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\IM] [HKCU\Software\IncrediMail] [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\WeDlMngr] =>PUP.weDownloadManager [HKLM\Software\Wow6432Node\Deeal_fr 0.2] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\NSCPID] [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager ~ Key Software: 223 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 08/12/2013 - 10:58:40 - [0,788] ----D C:\Program Files (x86)\Deeal_fr 0.2 O43 - CFD: 21/10/2013 - 17:40:41 - [48,475] ----D C:\Program Files (x86)\GUM9727.tmp O43 - CFD: 28/12/2013 - 12:23:13 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster O43 - CFD: 25/01/2014 - 14:34:48 - [26,257] ----D C:\Program Files (x86)\IncrediMail O43 - CFD: 28/12/2013 - 12:26:04 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 25/01/2014 - 14:35:23 - [0] ----D C:\ProgramData\IM O43 - CFD: 25/01/2014 - 14:34:48 - [6,735] ----D C:\ProgramData\IncrediMail O43 - CFD: 08/12/2013 - 12:18:57 - [0,478] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 28/12/2013 - 12:21:31 - [0,259] ----D C:\Users\Utilisateur\AppData\Roaming\IminentToolbar =>Adware.IMBooster O43 - CFD: 08/12/2013 - 10:18:42 - [0,996] ----D C:\Users\Utilisateur\AppData\Roaming\speedtest4354 O43 - CFD: 25/01/2014 - 14:56:40 - [12,714] ----D C:\Users\Utilisateur\AppData\Local\IM O43 - CFD: 03/12/2013 - 10:10:39 - [9,786] ----D C:\Users\Utilisateur\AppData\Local\SelfExtractible ~ Program Folder: 186 Legitimates Filtered in 00mn 13s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.DD81509C738872296ED72BE3D6813CF9] - 03/02/2014 - 13:13:44 ---A- . (...) -- C:\Windows\BRPARAM.INI [3312] O44 - LFC:[MD5.E3324179E1C49552489D893209914D5B] - 03/02/2014 - 14:53:06 ---A- . (...) -- C:\Windows\brpcfx.ini [137] O44 - LFC:[MD5.A6DFDFA030A333290B7DE724331568C6] - 03/02/2014 - 14:53:32 ---A- . (...) -- C:\Windows\Brpfx04a.ini [412] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 03/02/2014 - 14:53:32 ---A- . (...) -- C:\Windows\brdfxspd.dat [0] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/02/2014 - 13:08:37 ---A- . (...) -- C:\Recovery.txt [0] O44 - LFC:[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - 08/02/2014 - 14:44:09 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152] O44 - LFC:[MD5.D619356B955EEFA642F5FF72755E8B3C] - 08/02/2014 - 14:44:09 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504] O44 - LFC:[MD5.5DA51182B40354CBC078D29C51B45778] - 08/02/2014 - 14:44:09 ---A- . (...) -- C:\Windows\System32\pwNative.exe [3050808] O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 28/01/2014 - 17:17:11 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614] O44 - LFC:[MD5.CFFE34336E3B96B3FDAFFDF85D2FE43B] - 29/01/2014 - 23:02:22 ---A- . (...) -- C:\Windows\System32\igdde64.dll [98304] O44 - LFC:[MD5.A5C186443C30B8959C168084DD39B78F] - 29/01/2014 - 23:02:38 ---A- . (...) -- C:\Windows\System32\IGFXDEVLib.dll [9728] O44 - LFC:[MD5.CD4CBE75B78622921E62C0AD2E9A377F] - 29/01/2014 - 23:02:42 ---A- . (...) -- C:\Windows\System32\iglhxs64.vp [17058] ~ Files: 140 Legitimates Filtered in 00mn 28s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:[MD5.82A641767F440C3DBBEEB8BA30A346DA] - 23/07/2012 - 16:35:44 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [295760] O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] O58 - SDL:[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - 30/09/2013 - 16:26:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152] O58 - SDL:[MD5.D619356B955EEFA642F5FF72755E8B3C] - 30/09/2013 - 16:26:48 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504] ~ Drivers: 17 Legitimates Filtered in 00mn 03s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.3C18AC10F475769531213AE8AD0B38AB] [SPRF][11/12/2013] (...) -- C:\ProgramData\ntuser.dat [262144] ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{EC99A826-234F-4D06-BBD9-74F35EFA331F}F:\install\setup.exe" |In - Private - P6 - TRUE | .(...) -- F:\install\setup.exe (.not file.) O87 - FAEL: "UDP Query User{10803573-EA90-4F51-B409-863AFB7A3E9E}F:\install\setup.exe" |In - Private - P17 - TRUE | .(...) -- F:\install\setup.exe (.not file.) O87 - FAEL: "{800B3AA1-0CF1-41E1-94BD-01AB9B1AA2E9}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{5AF8A807-7410-481E-A58C-3DCF1EC54099}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{E8E7B094-78A9-4D29-80EF-FABF31B68E9B}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{D35C9CDC-954D-40ED-9270-B2009CE50FB9}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{B0689297-8897-4948-8CCC-B3A78A6BADC2}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{EEE26358-97EF-49E5-B2C2-67E423516AF0}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{705A80E6-1888-43B3-B347-9141531D2EDD}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{74DB4EFD-D673-43FD-A419-64F8CA1D6A4A}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{3DFA17AC-F489-42FE-A14B-3A7E2871809E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{57541F30-D190-4DFD-ADFD-7754823AE05C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe ~ Firewall: 251 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\WINDOWS\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe ~ Update Products: 25 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE} O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B} O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C} O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} ~ MNS: 6 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.C84C35B3ED26F11A04F50874B40AA5E8] [WIS][25/01/2014] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\1de5a0ed.msi [2687488] ~ WIS: 27 Legitimates Filtered in 00mn 04s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 05/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 04/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/12/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 26/12/2013 119920 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Disabled 08/12/2013 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 12/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe SR - | Auto 20/07/2012 1091520 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe SR - | Auto 20/07/2012 1107904 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe SR - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe SR - | Auto 31/08/2012 201360 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 06s ---\\ Scan Additionnel (O88) Database Version : 13030 - (06/02/2014) Clés trouvées (Keys found) : 34 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 8 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^ [HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip [HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip [HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip [HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip [HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\SearchBar.Client] =>Toolbar.Agent [HKCU\Software\APN DTX] =>Toolbar.Ask [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKCU\Software\BI] =>Adware.MegaSearch [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^ [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\fy25jj3b.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com =>PUP.weDownloadManager^ C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^ C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Users\Utilisateur\AppData\Roaming\IminentToolbar =>Adware.IMBooster^ C:\Windows\Tasks\The weDownload Manager-codedownloader.job =>PUP.weDownloadManager^ C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job =>PUP.weDownloadManager^ C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe =>PUP.weDownloadManager^ C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe =>PUP.weDownloadManager^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\Smartbar] =>Hijacker.SmartBar^ [HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^ [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^ ~ Additionnel Scan: 204167 Items scanned in 00mn 16s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar ~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/27350807-adware-recordnrip =>Adware.RecordNRip ~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ MSI: 16 link(s) detected in 00mn 16s ~ 1064 Legitimates filtered by white list End of the scan (544 lines in 01mn 39s)(0)