~ Rapport de ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Lancé par nathalie (13/03/2014 18:41:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)
GCIE: Google Chrome v33.0.1750.146
OBIE: Safari v5.34.57.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : B7RD6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.4336
Kaspersky PURE 2.0 v12.0.2.733
McAfee Security Scan Plus v3.8.141.11
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 17
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3979 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 83 GB (44%) free of 186 GB

---\\ Mode de connexion au système
~ Computer Name: PC-THALIE
~ User Name: nathalie
~ All Users Names: nathalie, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\nathalie\AppData\Roaming\ZHP\
~ %AppData% : 
C:\Users\nathalie\AppData\Roaming\ ~ %Desktop% : C:\Users\nathalie\Desktop\ ~ %Favorites% : C:\Users\nathalie\Favorites\ ~ %LocalAppData% : C:\Users\nathalie\AppData\Local\ ~ %StartMenu% : C:\Users\nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 83 Go of 186 Go) D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736] [MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) 
-- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656] [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:31:09.) -- C:\Windows\system32\Drivers\IpNat.sys [141824] [MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/10939 ~ Mes Videos (My Videos) : 1/4 ~ Mes Favoris (My Favorites) : 1/8 ~ Mes Documents (My Documents) : 1/3109 ~ Mon Bureau (My Desktop) : 2/3818 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 18s ---\\ Processus lancés [MD5.7C58A2513C3DA421A461D75C66C56D21] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.896] [MD5.77B61BA0EB74B23E21D24BC8F226439F] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.5912] [MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560] [PID.508] [MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.944] [MD5.AA04FCF6505766E177354E4E4CF5CFE1] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [278528] [PID.1660] [MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) 
-- C:\Users\nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.5688] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2548] [MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3232] [MD5.16EE5FC85A65296FFFC4BA8BDDDD0933] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320] [PID.2728] [MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.3076] [MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3068] [MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.760] [MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.4604] [MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.4296] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default][HomePage] http://www.v9.com G2 - GCE: Preference [User Data\Default] [anakpfpojdnocblgejmienjaaggfgbdj] Meteo en France v.3.1 (Activé) G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé) G2 - GCE: Preference [User Data\Default] [dcpfhaghaadpjpgocojgnlhjcieeooel] Re-markit v.1.157.0.0 (Activé) =>PUP.ReMarkIt G2 - GCE: Preference [User Data\Default] [imbjbmkgfiblfickjihmmbliggillaie] Waves 2nd Edition v.1 (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [ngaeinfoeljecnggcbonnohnjpepenmb] SavingsBull v.5.0, (Activé) =>PUP.SavingsBull G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [oampnkjpomgmmphfoedhihefpbjhjamo] Phase lunaire actuelle et infos v.1.10.0.0 (Activé) G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.1.3, (Activé) ~ Google Browser: 27 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\prefs.js C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\user.js M3 - MFPP: Plugins - [nathalie] -- C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [nathalie] -- C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\searchplugins\iminent.xml =>Adware.IMBooster M3 - MFPP: Plugins - [nathalie] -- 
C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\searchplugins\softonic.xml =>Toolbar.Conduit M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com] [] MediaPlayerEnhance v (..) =>PUP.MediaPlayerEnhance M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com] [] video-high v (..) =>PUP.CrossRider M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\ffxtlbra@softonic.com] [] softonic.com v1.6.0 (..) =>Toolbar.Conduit M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\quick_start@gmail.com] [] Quick Start v1.6.0 (..) M2 - MFEP: prefs.js [nathalie - qaajlq2b.default\SavingsBull@jetpack] [] SavingsBull v5.0 (..) =>PUP.SavingsBull ~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com ~ IE Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - 
REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4F524A2D-5637-006A-76A7-7A786E7484D7} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: ASUS Install.lnk . (.ASUSTek Computer INC. - AsInsWiz.) -- C:\eSupport\eDriver\AsInsWiz.exe O4 - GS\Desktop [Public]: ASUS Instant Connect Installer.lnk . (...) -- C:\Windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_77CD0D17CE4BC69D3FCD39.exe O4 - GS\Desktop [Public]: ASUS InstantOn.lnk . (...) -- C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_5071C9DBC1BB2B48AAB6B3.exe O4 - GS\Desktop [Public]: ASUS Tutor.lnk . (...) -- C:\windows\Installer\{58172D66-2F69-4215-9AEC-ED8196023736}\_ECAE39551DF09CB0079E46.exe O4 - GS\Desktop [Public]: eManual.Lnk . (.ASUSTek Computer Inc. - EManual Application.) -- C:\eSupport\Manual\eManual.exe O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe O4 - GS\Desktop [Public]: WebStorage Sync Agent.lnk . 
(.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe O4 - GS\QuickLaunch [nathalie]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe O4 - GS\QuickLaunch [nathalie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [nathalie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [nathalie]: ASUS InstantOn.lnk . (...) -- C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_8E4577A33BBD37BAD50032.exe O4 - GS\TaskBar [nathalie]: ASUSDVD.lnk . (.CyberLink Corp. - ASUSDVD.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe O4 - GS\TaskBar [nathalie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [nathalie]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [nathalie]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar [nathalie]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe O4 - GS\Program [nathalie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Global Startup: 66 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - GS\Startup [Public]: e-Carte Bleue Banque Populaire.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - GS\Startup [nathalie]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox O4 - GS\Startup [nathalie]: Envoyer à OneNote.lnk . (...) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe (.not file.) O4 - HKLM\..\Run: [ASUSQuickGesture(x86)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe O4 - HKLM\..\Run: [ASUSTPLoader(x64)] . (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe O4 - HKLM\..\Run: [ASUSQuickGesture(x64)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe O4 - HKLM\..\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . 
(.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTE.exe =>.Epson Seiko Corporation O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\nathalie\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe O4 - HKUS\S-1-5-21-3083540073-2572008181-1471925643-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTE.exe =>.Epson Seiko Corporation O4 - HKUS\S-1-5-21-3083540073-2572008181-1471925643-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. 
O4 - HKUS\S-1-5-21-3083540073-2572008181-1471925643-1001\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\nathalie\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe (.not file.) ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Clavier &virtuel [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\kbrd.ico O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Analyse des &liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{537CA4DB-E27E-4946-A38C-679559FB4F3C}: DhcpNameServer = 40.54.1.201 40.54.1.203 O17 - HKLM\System\CCS\Services\Tcpip\..\{75401E20-BD3D-4F96-98EA-813BBF361A45}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{537CA4DB-E27E-4946-A38C-679559FB4F3C}: DhcpNameServer = 40.54.1.201 40.54.1.203 O17 - HKLM\System\CS1\Services\Tcpip\..\{75401E20-BD3D-4F96-98EA-813BBF361A45}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . 
(.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll ~ Winlogon: Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\softonicToolbar] =>Toolbar.Conduit ~ Key Software: 210 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 08/03/2014 - 13:59:53 - [0,389] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector O43 - CFD: 10/03/2014 - 19:58:54 - [0] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect O43 - CFD: 08/03/2014 - 13:59:51 - [0,027] ----D C:\Program Files (x86)\fst_fr_121 =>PUA.FSTfr9 O43 - CFD: 08/03/2014 - 13:59:50 - [0,067] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster O43 - CFD: 10/03/2014 - 21:19:00 - [0,805] ----D C:\Program Files (x86)\media enhance O43 - CFD: 08/03/2014 - 14:02:03 - [0,497] ----D C:\Program Files (x86)\melondrea =>PUP.Melondrea O43 - CFD: 10/03/2014 - 21:19:00 - [0,287] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 10/03/2014 - 21:18:58 - [0,052] ----D C:\Program Files (x86)\Re-markit-soft =>PUP.ReMarkIt O43 - CFD: 08/03/2014 - 13:59:50 - [1,816] ----D C:\Program Files (x86)\SavingsBull =>PUP.SavingsBull O43 - CFD: 10/03/2014 - 21:18:58 - [0,690] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab O43 - CFD: 08/03/2014 - 13:59:50 - [0,231] ----D C:\Program Files (x86)\System Speedup =>PUP.SystemSpeedup O43 - CFD: 10/03/2014 - 21:18:56 - [0,837] ----D C:\Program Files (x86)\video-high =>PUP.CrossRider O43 - CFD: 01/11/2013 - 10:00:48 - [0] ----D 
C:\ProgramData\APN O43 - CFD: 08/05/2013 - 17:31:18 - [0] ----D C:\ProgramData\Ask O43 - CFD: 10/03/2014 - 21:22:41 - [0] ----D C:\ProgramData\IePluginService =>Trojan.Trojan.SProtector O43 - CFD: 10/03/2014 - 21:22:41 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 08/03/2014 - 13:59:29 - [0,236] ----D C:\Users\nathalie\AppData\Roaming\System Speedup =>PUP.SystemSpeedup O43 - CFD: 10/03/2014 - 21:17:44 - [0,017] ----D C:\Users\nathalie\AppData\Roaming\v9 O43 - CFD: 08/03/2014 - 13:59:48 - [0,003] ----D C:\Users\nathalie\AppData\Local\fst_fr_121 =>PUA.FSTfr9 O43 - CFD: 10/03/2014 - 19:58:48 - [0] ----D C:\Users\nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect O43 - CFD: 10/03/2014 - 21:17:50 - [0] ----D C:\Users\nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware ~ Program Folder: 173 Legitimates Filtered in 00mn 47s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 09:06:38 ---A- . (...) -- C:\Windows\System32\Service.log [0] O44 - LFC:[MD5.F75F67A395D1FA153D3CA3CF0D8785FD] - 08/03/2014 - 13:43:31 ---A- . (...) -- C:\Windows\System32\SavingsBullFilterService.log [2887366] =>PUP.SavingsBull ~ Files: 6 Legitimates Filtered in 00mn 10s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) 
-- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:[MD5.AB1201F8DE199E764DA9A32ABF71049C] - 14/12/2009 - 11:44:24 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [85048] O58 - SDL:[MD5.A6EED705BB510FA6B0F9F097165A3395] - 14/12/2009 - 11:44:24 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104] O58 - SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] - 02/08/2012 - 04:22:48 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992] O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288] O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568] O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] ~ Drivers: 17 Legitimates Filtered in 00mn 06s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\searchplugins\askcom.xml O69 - SBI: prefs.js [nathalie - qaajlq2b.default] user_pref("extensions.crossrider.bic", "144b132cb7c0b4131cc165be01d438b7"); =>PUP.CrossRider O69 - SBI: SearchScopes [HKCU] {199E2824-1AB7-4BD6-95D8-AD1DBA13F9B2} - (Ask Search) - http://www.search.ask.com O69 - SBI: SearchScopes [HKCU] {95BDB134-4BD3-4296-9427-9E38FE441D76} [DefaultScope] - (Search the web (Softonic)) - http://search.softonic.com =>Adware.IMBooster ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576] [MD5.EB871C9510FA49D7C801BBAF6CD2F57D] [SPRF][08/05/2013] (...) -- C:\Users\nathalie\AppData\Roaming\sp_data.sys [401] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{A4527111-03BD-4232-B6F0-D7AE631B70C9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (.not file.) ~ Firewall: 259 Legitimates Filtered in 00mn 01s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 02/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 02/04/2013 116648 | (gupdatem) . (.Google Inc..) 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 26/11/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 16/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe SS - | Demand 16/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe SR - | Auto 22/01/2014 3788816 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe SR - | Auto 25/04/2011 136576 | (EPSON_PM_RPCV4_05) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.exe SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) 
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 14/08/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 10s ---\\ Scan Additionnel (O88) Database Version : 13031 - (12/03/2014) Clés trouvées (Keys found) : 7 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 29 Fichiers trouvés (Files found) : 1 [HKLM\Software\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel] =>PUP.ReMarkIt^ [HKLM\Software\Google\Chrome\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb] =>PUP.SavingsBull^ [HKLM\Software\Classes\S] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} 
=>Toolbar.Avira C:\Users\nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel =>PUP.ReMarkIt^ C:\Users\nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb =>PUP.SavingsBull^ C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com =>PUP.MediaPlayerEnhance^ C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com =>PUP.CrossRider^ C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\extensions\ffxtlbr@iminent.com =>Adware.IMBooster^ C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\extensions\ffxtlbra@softonic.com =>Toolbar.Conduit^ C:\Users\nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\qaajlq2b.default\extensions\SavingsBull@jetpack =>PUP.SavingsBull^ C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector^ C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^ C:\Program Files (x86)\fst_fr_121 =>PUA.FSTfr9^ C:\Program Files (x86)\Iminent =>Adware.IMBooster^ C:\Program Files (x86)\melondrea =>PUP.Melondrea^ C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files (x86)\Re-markit-soft =>PUP.ReMarkIt^ C:\Program Files (x86)\SavingsBull =>PUP.SavingsBull^ C:\Program Files (x86)\SupTab =>PUP.SupTab^ C:\Program Files (x86)\System Speedup =>PUP.SystemSpeedup^ C:\Program Files (x86)\video-high =>PUP.CrossRider^ C:\ProgramData\IePluginService =>Trojan.Trojan.SProtector^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Users\nathalie\AppData\Roaming\System Speedup =>PUP.SystemSpeedup^ C:\Users\nathalie\AppData\Local\fst_fr_121 =>PUA.FSTfr9^ C:\Users\nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect^ 
C:\Users\nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^ C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\Optimizer Pro =>PUP.OptimizerPro C:\Users\nathalie\AppData\Roaming\Optimizer Pro =>PUP.OptimizerPro C:\Users\nathalie\AppData\Local\Software =>Adware.Boxore C:\Users\nathalie\AppData\Local\Temp\Iminent =>Adware.IMBooster [HKCU\Software\softonicToolbar] =>Toolbar.Conduit^ ~ Additionnel Scan: 250623 Items scanned in 00mn 19s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/36657231-pup-remarki =>PUP.ReMarkIt ~ http://nicolascoolman.webs.com/apps/blog/show/41823682-pup-savingsbull =>PUP.SavingsBull ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector ~ http://nicolascoolman.webs.com/apps/blog/show/41695065-pup-anyprotect =>PUP.AnyProtect ~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9 ~ http://nicolascoolman.webs.com/apps/blog/show/41783674-pup-melondrea =>PUP.Melondrea ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab ~ http://nicolascoolman.webs.com/apps/blog/show/41499656-pup-systemspeedup =>PUP.SystemSpeedup ~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager ~ http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods 
=>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro ~ MSI: 19 link(s) detected in 00mn 20s ~ 954 Legitimates filtered by white list End of the scan (512 lines in 02mn 23s)(0)