~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014) ~ Lancé par natou (03/02/2014 21:44:32) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16428 MFIE: Mozilla Firefox 26.0 (Defaut) GCIE: Google Chrome v32.0.1700.102 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : HYRR2 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v13.0.0.4042 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.10 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer µTorrent v3.2.0 =>P2P.µTorrent ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4087 MB (56% free) System Restore: Activé (Enable) System drive C: has 182 GB (60%) free of 298 GB ---\\ Mode de connexion au système ~ Computer Name: NATOU-PC ~ User Name: natou ~ All Users Names: natou, HomeGroupUser$, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\natou\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\natou\AppData\Roaming\ ~ %Desktop% : C:\Users\natou\Desktop\ ~ %Favorites% : C:\Users\natou\Favorites\ ~ %LocalAppData% : C:\Users\natou\AppData\Local\ ~ %StartMenu% : C:\Users\natou\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 182 Go of 298 Go) D: Hard drive, Flash drive, Thumb drive (Free 1726 Go of 1863 Go) E: CD-ROM drive (Not Inserted) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Not Inserted) H: CD-ROM drive (Not Inserted) I: Hard drive, Flash drive, Thumb drive (Free 518 Go of 932 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 46 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/02/2014 - 03:21:26.) -- C:\Windows\System32\wininet.dll [2332160] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.15/01/2011 - 16:54:14.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.15/01/2011 - 16:54:06.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.15/01/2011 - 16:53:24.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2011 - 16:54:19.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/01/2011 - 16:53:24.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.15/01/2011 - 16:53:29.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.15/01/2011 - 16:54:19.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.15/01/2011 - 16:54:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.15/01/2011 - 16:54:18.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.15/01/2011 - 16:53:24.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 1/93 ~ Mes Favoris (My Favorites) : 1/20 ~ Mes Documents (My Documents) : 2/355 ~ Mon Bureau (My Desktop) : 1/1107 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.1E74C3EF30DB23A730751E0068E76ED4] - (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe [16957056] [PID.2796] [MD5.EAA3CBFD5E8B7EB3349B36EE5610052E] - (.Pas de propriétaire - Wireless net configuration UI.) -- C:\Program Files (x86)\Tenda\W322P\UI.exe [2281472] [PID.2828] [MD5.A07E8935CC8DCE6DB787DC99129CA17C] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408] [PID.464] [MD5.DA271F2BE920B2F5FC8EAF86EBA07C07] - (.Pas de propriétaire - Netgear.) -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe [4562944] [PID.2608] [MD5.AA16204FD1F75637E8EAEB593A8FA597] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [180224] [PID.3196] [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.3224] [MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3244] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3252] [MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.440] [MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3800] [MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1800] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1956] [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1984] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2004] [MD5.19E83B09AB8EE1D837665DA941E2AC44] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [66872] [PID.1392] [MD5.87F79BBE778B586F0FE74C8216E40502] - (.Winstep Software Technologies - Winstep Xtreme Helper Service.) -- C:\Program Files (x86)\Winstep\WsxService.exe [377344] [PID.1368] [MD5.3E366F57CBB540C965BAB1F2BE6D7998] - (.Pas de propriétaire - Wifi Service.) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [278528] [PID.2028] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\natou\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [jmdfkjlljlcnpieheebgemppmahlebgn] TW-DB.info Quick Import Button v.1.2.3 (Désactivé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [pfokggpnenjibdcfibokbhkbcheeloff] The West - tw-db.info Cloth Calc [eng] v.1.0 (Désactivé) ~ Google Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\dltyhoh6.default\prefs.js C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\gq83s5rl.Mozilla_Firefox_3.0\prefs.js C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\qkmk5rxg.Mozilla_Firefox_3.6\prefs.js C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\r2yk6h25.default\prefs.js C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\x5oa6i22.Mozilla_Firefox_3.5\prefs.js C:\Users\natou\AppData\Roaming\Mozilla\Firefox\Profiles\xsie5w90.Mozilla_Firefox_2.0\prefs.js M0 - MFSP: prefs.js [natou - gq83s5rl.Mozilla_Firefox_3.0] http://utilu.com M0 - MFSP: prefs.js [natou - qkmk5rxg.Mozilla_Firefox_3.6] http://utilu.com M0 - MFSP: prefs.js [natou - x5oa6i22.Mozilla_Firefox_3.5] http://utilu.com M0 - MFSP: prefs.js [natou - xsie5w90.Mozilla_Firefox_2.0] http://utilu.com M2 - MFEP: prefs.js [natou - r2yk6h25.default\ctrl-tab@design-noir.de] [ctrlTab] Ctrl-Tab v0.21.1 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\en-US@dictionaries.addons.mozilla.org] [] United States English Spellchecker v7.0.1 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\https-everywhere@eff.org] [] HTTPS-Everywhere v3.0.2 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\iTunesFox@sjcmankimo.tw] [] iTunesFox v0.3.2 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\mupdf@ccxvii.net] [] MuPDF v2008.09.02 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{0545b830-f0aa-4d7e-8820-50a4629a56fe}] [] ColorfulTabs v2.0.20 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{0B6B0D55-DFAC-4006-AEE6-25667F55A2A8}] [] Make Link v11.03 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{35106bca-6c78-48c7-ac28-56df30b51d2a}] [] Linkification v1.3.8 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.17 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}] [] MR Tech Toolkit v6.0.4 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{9fb8c270-7124-11dd-ad8b-0800200c9a66}] [] Download status v1.7.3 (..) M2 - MFEP: prefs.js [natou - r2yk6h25.default\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}] [] Download Statusbar v0.9.8 (..) ~ Firefox Browser: 49 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [natou]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [natou]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [natou]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\TaskBar [natou]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [natou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [natou]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [natou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [natou]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [natou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [natou]: Panneau de configuration - Raccourci.lnk - Clé orpheline ~ Global Startup: 51 Legitimates Filtered in 00mn 05s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: Assistant de configuration NETGEAR WNA1100.lnk . (...) -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe O4 - HKCU\..\Run: [Tenda_UI] . (.Pas de propriétaire - Wireless net configuration UI.) -- C:\Program Files (x86)\Tenda\W322P\UI.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2212807343-2738911772-2121891939-1000\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe O4 - HKUS\S-1-5-21-2212807343-2738911772-2121891939-1000\..\Run: [Tenda_UI] . (.Pas de propriétaire - Wireless net configuration UI.) -- C:\Program Files (x86)\Tenda\W322P\UI.exe O4 - HKUS\S-1-5-21-2212807343-2738911772-2121891939-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{1B91B247-B86F-44FC-A838-E5FFF64C328B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7AB13D3-42E4-4D5E-A225-CD78ACA615EE}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9172C37-D9DC-470D-B02C-0204CE661F02}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{1B91B247-B86F-44FC-A838-E5FFF64C328B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{A7AB13D3-42E4-4D5E-A225-CD78ACA615EE}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{A9172C37-D9DC-470D-B02C-0204CE661F02}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{1B91B247-B86F-44FC-A838-E5FFF64C328B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{A7AB13D3-42E4-4D5E-A225-CD78ACA615EE}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{A9172C37-D9DC-470D-B02C-0204CE661F02}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\SysWOW64\PnkBstrA.exe O23 - Service: WSWNA1100 (WSWNA1100) . (.Pas de propriétaire - Wifi Service.) - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ~ Services: 9 Legitimates Filtered in 00mn 03s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (...) -- C:\Users\natou\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe (.not file.) [0] =>PUP.Minibar ~ Scheduled Task: 10 Legitimates Filtered in 00mn 08s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (cumuncqs) . (. - .) - C:\Windows\system32\drivers\cumuncqs.sys (.not file.) O41 - Driver: (kckkvebv) . (. - .) - C:\Windows\system32\drivers\kckkvebv.sys (.not file.) ~ Drivers: 90 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {DD7575CC-5005-4B22-8E72-0637F6C01C58} =>Adware.IMBooster ~ Logic: 20 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKLM\Software\Wow6432Node\DLC] ~ Key Software: 258 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 30/10/2011 - 18:31:48 - [0,001] ----D C:\Users\natou\AppData\Local\201280 ~ Program Folder: 150 Legitimates Filtered in 00mn 24s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 03/02/2014 - 03:21:25 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284] ~ Files: 152 Legitimates Filtered in 01mn 06s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.BC8A93D76353C5FC095864A4CA463B7E] - 03/02/2014 - 09:34:16 ---A- - C:\Windows\Prefetch\WNA1100.EXE-B2BD103B.pf O45 - LFCP:[MD5.02B00E2595DE17133BF25226F9640057] - 03/02/2014 - 09:34:17 ---A- - C:\Windows\Prefetch\PWRISOVM.EXE-F5736F5C.pf O45 - LFCP:[MD5.B25B52CF86BDBFCCD3568A882FBCC94D] - 03/02/2014 - 09:34:17 ---A- - C:\Windows\Prefetch\UI.EXE-187A91CD.pf O45 - LFCP:[MD5.C8A5D2E396C32B39372CA267BB7619C3] - 03/02/2014 - 09:37:16 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-127CA909.pf O45 - LFCP:[MD5.0A59B9B18B7804314F05140D4A5266C3] - 03/02/2014 - 09:40:59 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-40C7F43B.pf O45 - LFCP:[MD5.4EAAF6EB8D25A863365BEAF3EA47838A] - 03/02/2014 - 09:41:34 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-3E64E5E4.pf O45 - LFCP:[MD5.2788D67CF43F7A0D4FC6620B40281639] - 03/02/2014 - 09:43:33 ---A- - C:\Windows\Prefetch\MOZILLA-FIREFOX_26_FR_11003.E-ED89B8D5.pf O45 - LFCP:[MD5.20D10A15438714E6F38AF3B55702418B] - 03/02/2014 - 09:46:06 ---A- - C:\Windows\Prefetch\MOZILLA-FIREFOX_26_FR_11003.E-C1D10F21.pf O45 - LFCP:[MD5.598FD50C078F1B03D054E4C88C59B505] - 03/02/2014 - 10:30:34 ---A- - C:\Windows\Prefetch\CLEANUP.EXE-83448020.pf O45 - LFCP:[MD5.66F0C6FA7742D8A201DFFBD82D1E6603] - 03/02/2014 - 21:00:51 ---A- - C:\Windows\Prefetch\WINSTEPXTREME.EXE-C6AEE6BE.pf ~ Prefetcher: 106 Legitimates Filtered in 00mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{ef271117-a977-11e0-9993-e0cb4e0e93f9}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.) O51 - MPSK:{ef27112f-a977-11e0-9993-e0cb4e0e93f9}\AutoRun\command. (...) -- H:\Autorun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "HideSCAHealth"=1 ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.4CCF421E6C4B2A4CBCE000715911F7CC] - 06/03/2009 - 17:10:10 ---A- . (.Pas de propriétaire - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872] O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 00:30:38 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192] O58 - SDL:[MD5.FB9BEF3401EE5ECC2603311B9C64F44A] - 08/07/2011 - 17:30:30 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.6CE6F98EA3D07A9C2CE3CD0A5A86352D] - 12/04/2010 - 09:55:00 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [91568] O58 - SDL:[MD5.6011CDF54BB6F4C69F38FACCDAD73D7E] - 19/01/2007 - 17:24:24 ---A- . (.Windows (R) Codename Longhorn DDK provider - NDIS User mode I/O Driver.) -- C:\Windows\System32\Drivers\SCMNdisP.sys [25312] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] ~ Drivers: 17 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 02/02/2014 - 21:46:52 ---A- . (...) -- C:\Users\natou\AppData\Local\avgchrome\avgp [99151] O61 - LFC: 03/02/2014 - 21:47:00 ---A- . (...) -- C:\Users\natou\AppData\Local\GDIPFONTCACHEV1.DAT [57320] O61 - LFC: 03/02/2014 - 21:47:00 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273221] O61 - LFC: 03/02/2014 - 21:47:00 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 03/02/2014 - 21:47:06 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\Local State [67992] O61 - LFC: 03/02/2014 - 21:47:08 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.fingerprint [66] O61 - LFC: 03/02/2014 - 21:47:08 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.json [845] O61 - LFC: 03/02/2014 - 21:47:09 ---A- . (...) -- C:\Users\natou\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdm.dll [6940304] O61 - LFC: 03/02/2014 - 21:47:10 ---A- . (...) -- C:\Users\natou\AppData\Local\resmon.resmoncfg [17] O61 - LFC: 03/02/2014 - 21:49:49 ---A- . (...) -- C:\Users\natou\AppData\Roaming\ZHP\Log.txt [15474] =>.Nicolas Coolman O61 - LFC: 03/02/2014 - 21:49:49 ---A- . (...) -- C:\Users\natou\AppData\Roaming\ZHP\TestsZHPDiag.txt [2848] =>.Nicolas Coolman O61 - LFC: 03/02/2014 - 21:49:52 ---A- . (...) -- C:\Users\natou\Downloads\adwcleaner.exe [1166132] O61 - LFC: 03/02/2014 - 21:50:00 ---A- . (...) -- C:\Users\natou\Downloads\vlc-2.1.2-win32.exe [24097311] ~ 20 Fichiers temporaires (Temporary files) ~ Files: 296 Legitimates Filtered in 03mn 12s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {758B870D-DF78-4A6A-9955-DEDDCACF94DC} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {758B870D-DF78-4A6A-9955-DEDDCACF94DC} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {758B870D-DF78-4A6A-9955-DEDDCACF94DC} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.E9A950A18C5C891E9A0EE401B62B7705] [SPRF][03/02/2013] (...) -- C:\ProgramData\slpcsrj.bat [79] [MD5.FFD0AD91EF089DF0147CDF75721500DF] [SPRF][03/02/2013] (...) -- C:\ProgramData\slpcsrj.reg [153] [MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\natou\AppData\Local\Temp\Quarantine.exe [344355] ~ Files: 3 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "54A306F2659DB694185B057D28249467" . (.SweetPacks Toolbar for Internet Explorer 4.4.) -- C:\Windows\Installer\{2F603A45-D956-496B-81B5-50D782424976}\ARPPRODUCTICON.exe =>PUP.SweetIM O90 - PUC: "CC5757DD500522B4E82760736F0CC185" . (.Iminent.) -- C:\Windows\Installer\{DD7575CC-5005-4B22-8E72-0637F6C01C58}\imbooster.ico =>Adware.IMBooster ~ Update Products: 50 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: Mobility Center Control Panel - {5ea4f148-308c-46d7-98a9-49041b1dd468} ~ MNS: 28 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 02/02/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 15/05/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 15/05/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 05/11/2009 954368 | (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe SS - | Demand 01/05/2011 420864 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 10/08/2009 93848 | (SandraAgentSrv) . (.SiSoftware.) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 12/10/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 18/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 18/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 27/11/2009 278528 | (WSWNA1100) . (...) - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 12s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by natou at 03/02/2014 21:51:48 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by natou at 03/02/2014 21:51:51 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13030 - (25/01/2014) Clés trouvées (Keys found) : 77 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD7575CC-5005-4B22-8E72-0637F6C01C58}] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Features\54A306F2659DB694185B057D28249467] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\54A306F2659DB694185B057D28249467] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\54A306F2659DB694185B057D28249467] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\54A306F2659DB694185B057D28249467] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^ ~ Additionnel Scan: 266486 Items scanned in 00mn 16s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ MSI: 4 link(s) detected in 00mn 16s ~ 1591 Legitimates filtered by white list End of the scan (578 lines in 07mn 35s)(0)