~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Françoise (02/01/2014 17:44:28)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v31.0.1650.63

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : YDTBG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.09 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3994 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 850 GB (93%) free of 912 GB

---\\ Mode de connexion au système
~ Computer Name: COISE
~ User Name: Françoise
~ All Users Names: UpdatusUser, HomeGroupUser$, Françoise, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Françoise\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Françoise\AppData\Roaming\
~ %Desktop% : C:\Users\Françoise\Desktop\
~ %Favorites% : C:\Users\Françoise\Favorites\
~ %LocalAppData% : C:\Users\Françoise\AppData\Local\
~ %StartMenu% : C:\Users\Françoise\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 850 Go of 912 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.)
-- C:\Windows\System32\Wininit.exe [144384] [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.27/12/2013 - 15:37:12.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736] [MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656] [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:31:09.) 
-- C:\Windows\system32\Drivers\IpNat.sys [141824] [MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/25407 ~ Mes musiques (My Musics) : 1/3658 ~ Mes Videos (My Videos) : 1/21 ~ Mes Favoris (My Favorites) : 1/7 ~ Mes Documents (My Documents) : 1/246 ~ Mon Bureau (My Desktop) : 2/21 ~ Menu demarrer (Programs) : 1/36 ~ Hidden Files: Scanned in 00mn 14s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1920] [MD5.BC90F2034566DDE57216EF9AFFD12D72] - (.XTRALOG - Agenda de bureau.) -- C:\Program Files (x86)\Calendrier\Cld2000.exe [3030528] [PID.4168] [MD5.1B7406B1EEF9924D589A7007C3733877] - (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496] [PID.4484] [MD5.F5D595BBAC654CD391E824043F7FEDFB] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.2756] [MD5.BE1DAE43DFBCA94FB6B4157C1B16923E] - (...) -- ysWOW64\RunDll32.exe [0] [PID.4144] [MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.3912] [MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5196] [MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5568] [MD5.1D87BA213DB7AA939A5A78C726589911] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.4756] [MD5.40D284168E70423B8FBE16C36D5B9B13] - (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files (x86)\PopTray\PopTray.exe [1666048] [PID.6548] [MD5.D5CDEA452982FC61E21EE978AAB134DD] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367016] [PID.7860] [MD5.312707A513F86ED20642F43F8EF4DD14] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264616] [PID.7528] [MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8321024] [PID.4228]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\5hfloq81.default\prefs.js
M2 - MFEP: prefs.js [Françoise - 5hfloq81.default\support@websteroidsapp.com] [] Websteroids v2.6.53 (..) =>PUP.TubeDimmer
M2 - MFEP: prefs.js [Françoise - 5hfloq81.default\{0545b830-f0aa-4d7e-8820-50a4629a56fe}] [] ColorfulTabs v2.6.53 (..)
M2 - MFEP: prefs.js [Françoise - 5hfloq81.default\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}] [] Personas Rotator v8.0 (..)
M2 - MFEP: prefs.js [Françoise - 5hfloq81.default\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}] [] Value Apps v1.3.0.2 (..) =>Toolbar.Conduit
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: 123 Free Solitaire.lnk . (...) -- C:\Program Files (x86)\123 Free Solitaire\123FreeSolitaire.exe O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\Desktop [Public]: ZUMA.lnk . (.PopCap Games, Inc. - Zuma.) -- C:\Program Files (x86)\GameHouse\Zuma\Zuma.exe =>Adware.PopCap O4 - GS\Program [Public]: 123 Free Solitaire.lnk . (...) -- C:\Program Files (x86)\123 Free Solitaire\123FreeSolitaire.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (...) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (.not file.) O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: PowerpointImageExtractor V1.2b.lnk . (.--- - Pas de description.) -- C:\Program Files (x86)\PowerpointImageExtractor_V1_2\PowerpointImageExtractor.exe O4 - GS\Desktop [UpdatusUser]: EVEREST Home Edition.lnk . (...) -- C:\Program Files (x86)\Lavalys\EVEREST Home Edition\everest.exe O4 - GS\Desktop [UpdatusUser]: PopTray.lnk . (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files (x86)\PopTray\PopTray.exe O4 - GS\QuickLaunch [Françoise]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [Françoise]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\QuickLaunch [Françoise]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Françoise]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Françoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Françoise]: shanghai_dynasty.lnk . (...) -- C:\Program Files (x86)\shanghai_dynasty.exe O4 - GS\Program [Françoise]: spider.lnk . (.Microsoft Corporation - Spider.) -- C:\Program Files (x86)\spider.exe O4 - GS\Desktop [Françoise]: BEL ATOUT.lnk . (...) -- C:\Program Files (x86)\Bel Atout\belatout.exe O4 - GS\Desktop [Françoise]: CARNET ADRESSES 2 - Raccourci.lnk . (...) -- C:\Users\Françoise\Documents\CARNET ADRESSES 2.WAB O4 - GS\Desktop [Françoise]: FLIPPER.lnk . (.Cinematronics - 3D Pinball.) -- C:\Program Files (x86)\Pinball\pinball.exe O4 - GS\Desktop [Françoise]: La Crapette.lnk . (...) -- C:\Program Files (x86)\Crapette Jardin Trains 32\CRAPETTE.exe O4 - GS\Desktop [Françoise]: PopTray.lnk . (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files (x86)\PopTray\PopTray.exe O4 - GS\Desktop [Françoise]: Shanghai Dynasty.lnk . (...) -- C:\Users\Françoise\AppData\Local\FunnyGames\shanghai_dynasty\shanghai_dynasty.exe O4 - GS\Desktop [Françoise]: SPIDER.lnk . (.Microsoft Corporation - Spider.) -- C:\Program Files (x86)\spider.exe ~ Global Startup: 66 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: Bluetooth.lnk . (...) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.) 
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation O4 - GS\Startup [Françoise]: PopTray.lnk . (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files (x86)\PopTray\PopTray.exe O4 - GS\Startup [Françoise]: Sidebar578.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - HKCU\..\Run: [Cld2000.exe] . (.XTRALOG - Agenda de bureau.) -- C:\Program Files (x86)\Calendrier\Cld2000.exe O4 - HKCU\..\Run: [Rainlendar2] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe O4 - HKUS\S-1-5-21-4083668652-626954320-2184320003-1001\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) 
-- C:\Program Files (x86)\Windows Mail\wab.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9424190-BB9B-4B3B-8A2A-6201714301EB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9424190-BB9B-4B3B-8A2A-6201714301EB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 326.) - C:\windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Monitor Virutal Wlan Secvice (MS_Virtual_Monitor) . (...) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\CppWindowsService.exe
O23 - Service: Service Software Update (Software_update) (Software_update) . (.The Software Group - Software Update.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
~ Services: 22 Legitimates Filtered in 00mn 05s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MySearchDial.job [318] =>Adware.MyWebSearch
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [932]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [936]
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe [177152] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Françoise\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.95E0514907B680814073BB945DDB800B] [APT] [SoftwareUpdateTaskMachineCore] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.95E0514907B680814073BB945DDB800B] [APT] [SoftwareUpdateTaskMachineUA] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
~ Scheduled Task: 33 Legitimates Filtered in 00mn 03s

---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
O42 - Logiciel: FileParade Bundle - (.FileParade Bundle.) [HKLM][64Bits] -- FileParade Bundle
O42 - Logiciel: IncrediBackup - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediBackup
O42 - Logiciel: IncrediBackup - (.Nom de votre société.) [HKLM][64Bits] -- {D44222FB-31A2-4D2B-B222-D0C5599F28D0}
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
~ Logic: 44 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\mamverifier]
~ Key Software: 294 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/01/2014 - 17:17:43 - [0] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 02/01/2014 - 17:17:51 - [0] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 26/12/2013 - 17:55:43 - [3,634] ----D C:\Program Files (x86)\IncrediBackup
O43 - CFD: 23/12/2013 - 21:03:46 - [26,257] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 02/01/2014 - 17:17:50 - [0] ----D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch
O43 - CFD: 01/01/2014 - 16:01:07 - [2,450] ----D C:\Program Files (x86)\Pinball
O43 - CFD: 28/12/2013 - 20:32:24 - [0,367] ----D C:\Program Files (x86)\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 02/01/2014 - 17:19:56 - [0] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 24/12/2013 - 17:39:01 - [0,169] ----D C:\ProgramData\BoxUpdChk =>Adware.Boxore
O43 - CFD: 23/12/2013 - 21:04:14 - [0] ----D C:\ProgramData\IM
O43 - CFD: 23/12/2013 - 21:03:46 - [6,556] ----D C:\ProgramData\IncrediMail
O43 - CFD: 02/01/2014 - 17:19:57 - [0] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 02/01/2014 - 17:19:57 - [1,225] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 29/11/2013 - 08:53:30 - [41,208] ----D C:\ProgramData\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8}
O43 - CFD: 02/01/2014 - 17:17:51 - [0] ----D C:\Users\Françoise\AppData\Local\Conduit
O43 - CFD: 26/12/2013 - 18:09:45 - [1326,578] ----D C:\Users\Françoise\AppData\Local\IM
~ Program Folder: 164 Legitimates
Filtered in 00mn 37s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.2DEB7523251D3AB953E45F1F0E45FF17] - 01/01/2014 - 16:22:55 ---A- . (...) -- C:\Windows\win.ini [237] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/12/2013 - 17:15:16 RSHA- . (...) -- C:\Windows\System32\Drivers\103C_HP_cPC_23-b340ef_Y53316J_0U_QCZC3483JXT_E13WE2AR8607_4A_I2AF9_SHP_V1.02_B80.08_T131016_W8101-0_L40C_M3995_J1000_7Intel_86A9_93.40_#131129_N14E44359;10EC8168_Z_G10DE1140;80860152_Ohp DVD-RAM UJ8E1_DHWP4221.MRK [0] O44 - LFC:[MD5.8F11DEBBADDC7BE1B8818622A31A0E61] - 23/12/2013 - 17:39:32 ---A- . (.Systweak Inc., (www.systweak.com) - Regclean Pro.) -- C:\Windows\System32\roboot64.exe [20312] =>Rogue.RegistryPowerCleaner O44 - LFC:[MD5.04583E2BAAB18EE73C85F417AD7D8CA7] - 26/12/2013 - 14:26:22 ---A- . (...) -- C:\Windows\vbaddin.ini [13] O44 - LFC:[MD5.6057D62591F58710F554F322CBFD6DC3] - 26/12/2013 - 14:35:06 ---A- . (...) -- C:\Windows\ODBC.INI [493] O44 - LFC:[MD5.01BE6F92A37A64E60356780BEA1E85DC] - 27/12/2013 - 15:54:57 ---A- . (...) -- C:\Windows\System32\emptyregdb.dat [23108] O44 - LFC:[MD5.2FA1C0E3C228B79D3E461952802CFA5F] - 27/12/2013 - 15:55:11 ---A- . (...) -- C:\Windows\diagerr.xml [32388] O44 - LFC:[MD5.2FA1C0E3C228B79D3E461952802CFA5F] - 27/12/2013 - 15:55:11 ---A- . (...) -- C:\Windows\diagwrn.xml [32388] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/12/2013 - 20:33:41 ---A- . (...) 
-- C:\END [0] ~ Files: 88 Legitimates Filtered in 00mn 03s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.3653906F5401E263FE73659F2F62A436] - 01/01/2014 - 14:07:28 ---A- - C:\Windows\Prefetch\FILEMANAGER.EXE-D7E24B17.pf O45 - LFCP:[MD5.B2782E6AE524276FB4999AD89F677874] - 01/01/2014 - 14:15:23 ---A- - C:\Windows\Prefetch\IS-RP85B.TMP-23F0C8FC.pf O45 - LFCP:[MD5.141EAC49E8CDF9AD3F9DE5859FC6E386] - 01/01/2014 - 14:24:12 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-4111419A.pf O45 - LFCP:[MD5.E2577A5745C457B41883CB83D47A2785] - 01/01/2014 - 14:27:09 ---A- - C:\Windows\Prefetch\IS-A88RH.TMP-A46F3FA8.pf O45 - LFCP:[MD5.521A4B588B5E57D058674C1E6EEABC6E] - 01/01/2014 - 14:38:07 ---A- - C:\Windows\Prefetch\IS-7JOV9.TMP-53E5F87C.pf O45 - LFCP:[MD5.DD437651B3D192B691A22279B470D859] - 01/01/2014 - 15:55:14 ---A- - C:\Windows\Prefetch\SHANGHAI_DYNASTY.EXE-C64E91EC.pf O45 - LFCP:[MD5.AEAC20307528018F66804AE95E54168F] - 01/01/2014 - 16:13:39 ---A- - C:\Windows\Prefetch\FREE-MAHJONG-GAME-IN-POCULIS--7F3E61C9.pf O45 - LFCP:[MD5.80E48A83E20AF44F17940263B4E3F7CE] - 01/01/2014 - 16:21:41 ---A- - C:\Windows\Prefetch\GLB62BA.TMP-F6A47064.pf O45 - LFCP:[MD5.EE485A1C6C869B4C9CF898FD9C4F7178] - 01/01/2014 - 16:22:36 ---A- - C:\Windows\Prefetch\GOOGLE~1.EXE-4F162D6D.pf O45 - LFCP:[MD5.2D9F26038D5C0D7AADB9E83EB2255995] - 01/01/2014 - 16:22:38 ---A- - C:\Windows\Prefetch\GLB424C.TMP-E3C40F3E.pf O45 - LFCP:[MD5.CA825BDF4E78AB04769894E0EF75E2F3] - 01/01/2014 - 16:22:58 ---A- - C:\Windows\Prefetch\ZUMA.EXE-CFD688A6.pf O45 - LFCP:[MD5.8A86A1EFEB44EB3136556CE9D18018CD] - 01/01/2014 - 16:23:11 ---A- - C:\Windows\Prefetch\ZUMA DELUXE BY KNETUS.EXE-CD88483C.pf O45 - LFCP:[MD5.2F4CDFC42D57D586E977E3F92CCE8291] - 01/01/2014 - 16:43:17 ---A- - C:\Windows\Prefetch\POWERPOINTIMAGEEXTRACTOR_V1_2-EF62EF32.pf O45 - LFCP:[MD5.4B517127458A137606DBC179B1A9E315] - 01/01/2014 - 16:43:19 ---A- - C:\Windows\Prefetch\POWERPOINTIMAGEEXTRACTOR_V1_2-B99726FB.pf O45 - 
LFCP:[MD5.DE87AB8E893A0BB36130FA90953C6CD6] - 01/01/2014 - 16:49:17 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-84A02842.pf O45 - LFCP:[MD5.F81353CF35F3741753DFCE18D1646289] - 01/01/2014 - 16:56:45 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_POWER-3B02F602.pf =>Toolbar.Conduit O45 - LFCP:[MD5.C8CE9B9756FC734158C8EE135149AC56] - 01/01/2014 - 17:00:07 ---A- - C:\Windows\Prefetch\POWERPOINTIMAGEEXTRACTOR_V1_2-E40BD1DD.pf O45 - LFCP:[MD5.5056EC686A6ABFAAAFBDE292AD85EB02] - 01/01/2014 - 17:00:11 ---A- - C:\Windows\Prefetch\POWERPOINTIMAGEEXTRACTOR_V1_2-00C9C15F.pf O45 - LFCP:[MD5.C33EB49A2E91737C86D84E36CC2EC320] - 01/01/2014 - 17:06:48 ---A- - C:\Windows\Prefetch\POWERPOINTIMAGEEXTRACTOR.EXE-CA9CA7EA.pf O45 - LFCP:[MD5.97362027BA9F55F06402D3E0338DFB86] - 01/01/2014 - 17:56:56 ---A- - C:\Windows\Prefetch\ZUMA.EXE-490E688F.pf O45 - LFCP:[MD5.E2CC80484CB35DECEAFF2F775F16B9C6] - 02/01/2014 - 13:13:12 ---A- - C:\Windows\Prefetch\CRAPETTE.EXE-235485A1.pf O45 - LFCP:[MD5.4194F9BF06249362DA95EA0BA14690C2] - 02/01/2014 - 13:56:28 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-A309F880.pf O45 - LFCP:[MD5.114EB1C529C97169F2D895C294D1FA8F] - 02/01/2014 - 13:57:50 ---A- - C:\Windows\Prefetch\CLD2000.EXE-C3262EE1.pf O45 - LFCP:[MD5.B53F42A4A9C09F275172D4D14C5224DC] - 02/01/2014 - 16:02:00 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-C1B3E1A5.pf O45 - LFCP:[MD5.72A20470664F42266A6FE757E3D7A44C] - 02/01/2014 - 17:18:58 ---A- - C:\Windows\Prefetch\PfPre_d99c8566.db O45 - LFCP:[MD5.EA124BDE62DD37EA9696E4527D8440AD] - 02/01/2014 - 17:23:29 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf O45 - LFCP:[MD5.B667789C55A5877282B65E2E8B53CDA9] - 02/01/2014 - 17:24:05 ---A- - C:\Windows\Prefetch\DETECT_BEFOREUPGRADINGTOWIN81-9CA3EBAB.pf O45 - LFCP:[MD5.09742F04033D53757BEE0795B06FA642] - 02/01/2014 - 17:24:06 ---A- - C:\Windows\Prefetch\DETECT_LOWDISKSPACE_US.EXE-30DDBB35.pf O45 - LFCP:[MD5.852DCAC09786B242315ED6C09C2CB895] - 02/01/2014 - 17:24:06 ---A- - 
C:\Windows\Prefetch\DETECT_RECOVERYDISC_US.EXE-5ECC6C4A.pf O45 - LFCP:[MD5.9156C3899C5DA809DEA37663F8063A41] - 02/01/2014 - 17:24:07 ---A- - C:\Windows\Prefetch\DETECT_RECOVERYDISC_NSPOS.EXE-1052A1D9.pf O45 - LFCP:[MD5.281E5FECD1F600CDAE986D9316ED733D] - 02/01/2014 - 17:26:40 ---A- - C:\Windows\Prefetch\POPTRAY.EXE-A92A5F79.pf O45 - LFCP:[MD5.57FCA3EC8DC08267A2F3EAC863CCD3CB] - 02/01/2014 - 17:27:28 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-8DBD7167.pf O45 - LFCP:[MD5.78E6C717EDCD6446D4313043EB9B41BA] - 02/01/2014 - 17:29:58 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-32F9B55A.pf O45 - LFCP:[MD5.7E0F3F61CAA7772630D785D877670D1F] - 02/01/2014 - 17:29:59 ---A- - C:\Windows\Prefetch\IMBPP.EXE-3C8D9FE9.pf O45 - LFCP:[MD5.4F5ABD8F8D149D0EB1AC93E9720F777B] - 02/01/2014 - 17:31:26 ---A- - C:\Windows\Prefetch\IMLPP.EXE-468937FB.pf O45 - LFCP:[MD5.98BF9F5F33D04A365F1F710C1219ABAA] - 02/01/2014 - 17:31:35 ---A- - C:\Windows\Prefetch\IMAPP.EXE-BB8E10B4.pf O45 - LFCP:[MD5.4EDF72749FB3149B8DF2820C009DB9C7] - 28/12/2013 - 14:33:35 ---A- - C:\Windows\Prefetch\DW.EXE-18279820.pf O45 - LFCP:[MD5.19777398E82C01D5901FA67299FBD0F3] - 28/12/2013 - 14:34:08 ---A- - C:\Windows\Prefetch\CDCREATOR.EXE-D7C5837D.pf O45 - LFCP:[MD5.AB52BF22C526DBE8B3276312485B7541] - 28/12/2013 - 20:32:28 ---A- - C:\Windows\Prefetch\123_FREE_SOLITAIRE_TSV4MV39.E-D29DCD81.pf O45 - LFCP:[MD5.EC90D526B5E174C47536C22A01C63ECB] - 28/12/2013 - 20:33:22 ---A- - C:\Windows\Prefetch\NSMA9B9.EXE-AAE27900.pf O45 - LFCP:[MD5.07745393303D941C28C54F14FEA933ED] - 28/12/2013 - 20:33:23 ---A- - C:\Windows\Prefetch\MMAMSTUB.EXE-9FF48DEE.pf O45 - LFCP:[MD5.FB3FBDA966AA7A40F767A52216771258] - 28/12/2013 - 20:33:31 ---A- - C:\Windows\Prefetch\MAMSTUB.EXE-3C093F09.pf O45 - LFCP:[MD5.1FF879D19243E4D0EAFA1D74920E0DE0] - 28/12/2013 - 20:33:32 ---A- - C:\Windows\Prefetch\DLLOGIC.EXE-C75148B7.pf O45 - LFCP:[MD5.F9F495AA91482BCC301A17CC38E56F7D] - 28/12/2013 - 20:33:34 ---A- - C:\Windows\Prefetch\MAM_FF.EXE-E2A4035A.pf O45 - 
LFCP:[MD5.930EB0D619D3710E341F19A03B941F9B] - 28/12/2013 - 20:33:39 ---A- - C:\Windows\Prefetch\MAM_IE.EXE-FFA59C8C.pf O45 - LFCP:[MD5.D60DCC85A09FCCA156B7D5055D9D8D1A] - 28/12/2013 - 20:33:41 ---A- - C:\Windows\Prefetch\CTBE.EXE-F5623592.pf O45 - LFCP:[MD5.03C3C408153D2A2E7ADDB88C967F41E6] - 30/12/2013 - 11:36:01 ---A- - C:\Windows\Prefetch\HELPANDTIPS.EXE-3A2C6915.pf O45 - LFCP:[MD5.44CE61C975E67260CB3B982F8F33E7C8] - 30/12/2013 - 13:17:12 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup O45 - LFCP:[MD5.8BFF2BECA0B4A6016AF9B3468E9218B7] - 30/12/2013 - 13:43:52 ---A- - C:\Windows\Prefetch\123_FREE_SOLITAIRE_TSV4R63F.E-DF3E7BC3.pf O45 - LFCP:[MD5.624F9397760F1F665D7E9C77810481D5] - 30/12/2013 - 13:44:24 ---A- - C:\Windows\Prefetch\NSF69A4.EXE-C7CD5A38.pf O45 - LFCP:[MD5.136A2C6B9952AC73E669486E6D3B53CD] - 30/12/2013 - 13:55:02 ---A- - C:\Windows\Prefetch\123FREESOLITAIRE-V90-SETUP.TM-7E355E37.pf O45 - LFCP:[MD5.D141A85F04E39A012F4BD52748A858C2] - 30/12/2013 - 13:55:05 ---A- - C:\Windows\Prefetch\123FREESOLITAIRE-V90-SETUP.TM-27B3402A.pf O45 - LFCP:[MD5.233497D03436954545CD069B0FEB2C92] - 30/12/2013 - 15:01:41 ---A- - C:\Windows\Prefetch\MAP.EXE-28EF6E6E.pf O45 - LFCP:[MD5.62E6C7F37F04892CAA68CFAD69FC851D] - 30/12/2013 - 16:46:24 ---A- - C:\Windows\Prefetch\INSTUP.EXE-90636ABA.pf O45 - LFCP:[MD5.7AC9C3A64588D46699A7DFA9A252A536] - 30/12/2013 - 16:49:22 ---A- - C:\Windows\Prefetch\PASSWORDDETECTION.EXE-F556DA0F.pf O45 - LFCP:[MD5.B24F59ADA6E91688E033C0986BD3121C] - 30/12/2013 - 17:11:54 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.BD27EB91F58A8DBD4AB324E163874203] - 30/12/2013 - 17:33:14 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-2D7C3758.pf O45 - LFCP:[MD5.B9BDCA085467B55EF17323471F3CF0F2] - 30/12/2013 - 19:43:00 ---A- - C:\Windows\Prefetch\EASYIMAGEMODIFIER.EXE-216BB52B.pf O45 - LFCP:[MD5.A3588A5D247269B982CDA482A3BFABF7] - 31/12/2013 - 13:21:17 ---A- - C:\Windows\Prefetch\IMPCNT.EXE-67FEADF0.pf O45 - 
LFCP:[MD5.B55040E2C42B8D699C50C4113490897A] - 31/12/2013 - 13:50:07 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf O45 - LFCP:[MD5.DEE0E7BD8CB7B9AA5F77ACBC7B2B3937] - 31/12/2013 - 15:22:25 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf ~ Prefetcher: 257 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 16:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456] O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] O58 - SDL:[MD5.75F8A310533E15D27115CDE2A881126F] - 16/04/2013 - 19:08:50 ---A- . (.Windows (R) Win 7 DDK provider - usb3hub.sys.) -- C:\Windows\System32\Drivers\usb3Hub.sys [207768] ~ Drivers: 17 Legitimates Filtered in 00mn 04s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/01/2014 - 17:46:01 ---A- . (...) -- C:\Users\Françoise\AppData\Local\IM\Skin.xml [8442] O61 - LFC: 01/01/2014 - 17:46:14 ---A- . (...) -- C:\Users\Françoise\Downloads\free-mahjong-game-in-poculis-java.exe [53405824] O61 - LFC: 01/01/2014 - 17:46:25 -SHA- . (...) 
-- C:\Users\Françoise\SkyDrive\MON JARDIN 2006\Thumbs.db [83968] O61 - LFC: 02/01/2014 - 17:45:50 ---A- . (...) -- C:\Users\Françoise\AppData\Local\IM\content.xml [246928] O61 - LFC: 02/01/2014 - 17:46:13 ---A- . (...) -- C:\Users\Françoise\AppData\Local\Sidebar7\Sidebar7Config.txt [361] O61 - LFC: 02/01/2014 - 17:46:14 ---A- . (...) -- C:\Users\Françoise\AppData\Roaming\ZHP\Log.txt [16998] =>.Nicolas Coolman O61 - LFC: 02/01/2014 - 17:46:14 ---A- . (...) -- C:\Users\Françoise\AppData\Roaming\ZHP\TestsZHPDiag.txt [2955] =>.Nicolas Coolman O61 - LFC: 02/01/2014 - 17:46:14 ---A- . (...) -- C:\Users\Françoise\Documents\Calendrier Xtra\Jours.edb [463128] O61 - LFC: 02/01/2014 - 17:46:14 ---A- . (...) -- C:\Users\Françoise\Downloads\adwcleaner.exe [1233962] O61 - LFC: 31/12/2013 - 17:45:51 ----- . (...) -- C:\Users\Françoise\AppData\Local\IM\Ecard\champagne_duo.imf [50086] O61 - LFC: 31/12/2013 - 17:45:52 ----- . (...) -- C:\Users\Françoise\AppData\Local\IM\Letter\champagne_celebration.imf [158556] O61 - LFC: 31/12/2013 - 17:45:52 ----- . (...) -- C:\Users\Françoise\AppData\Local\IM\Letter\fireworks.imf [45139] O61 - LFC: 31/12/2013 - 17:45:52 ----- . (...) -- C:\Users\Françoise\AppData\Local\IM\Letter\new_year_babies.imf [216823] ~ 9 Fichiers temporaires (Temporary files) ~ Files: 1074 Legitimates Filtered in 00mn 35s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch O69 - SBI: SearchScopes [HKCU] {6ABF84BE-BC13-4F3B-8176-633DC8277DCD} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} - (StartWeb) - http://start.iminent.com =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.7C452DF005F845D7E83E22D13034F1D2] [SPRF][24/11/2013] (.Kevin Schneider - Easy Image Modifier 4.8.) -- C:\Users\Françoise\Desktop\EasyImageModifier.exe [1237504] [MD5.9D1743FF98C8773EAAA95F982B45DFC4] [SPRF][03/12/2013] (...) -- C:\Program Files (x86)\shanghai_dynasty.exe [217144] ~ Files: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{5C7F7746-EF26-434E-9FFF-9C2103AA66F5}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{9F747306-BE1C-4445-BE14-E05EA0453455}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{59A6476E-792C-40C6-9293-B7D9F5C8AFA7}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{9E124EB2-598C-4EDC-B0C6-ED6A296F1176}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) 
-- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{918E0ABD-2998-441D-ACCE-5B3518301DE2}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{47F7AC0C-44CB-4D72-BDA7-A2CB6213C21D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{823A612E-091B-4327-B597-1882A2183CEA}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe O87 - FAEL: "{0C50A3A9-5531-4C13-AD76-0EC75205353A}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe ~ Firewall: 262 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe O90 - PUC: "BF22244D2A13B2D42B220D5C95F9820D" . (.IncrediBackup.) -- C:\windows\Installer\{D44222FB-31A2-4D2B-B222-D0C5599F28D0}\ARPPRODUCTICON.exe O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore ~ Update Products: 71 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.70AD02DCBE386D72115E7DEDE36A0452] [WIS][26/12/2013] (.Nom de votre société - IncrediBackup.) -- C:\Windows\Installer\1612cc9.msi [3272192] [MD5.0A23531B05648583E2675134C3F57419] [WIS][23/12/2013] (.The Software Group - Software Update Helper.) -- C:\Windows\Installer\336b1a.msi [45056] =>Adware.Boxore [MD5.C84C35B3ED26F11A04F50874B40AA5E8] [WIS][23/12/2013] (.IncrediMail - IncrediMail.) 
-- C:\Windows\Installer\f19354.msi [2687488] ~ WIS: 70 Legitimates Filtered in 00mn 04s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 23/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 04/09/2013 2252504 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe SS - | Demand 15/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 30/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 30/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 23/12/2013 119408 | (Software_update) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore SS - | Demand 23/12/2013 119408 | (Software_update_m) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) 
- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 31/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 16/04/2013 101536 | (BrcmSetSecurity) . (.Intel.) - C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe SR - | Auto 22/03/2013 959192 | (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 10/06/2013 89864 | (CLHNServiceForPowerDVD12) . (.CyberLink Corp..) - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe SR - | Auto 10/06/2013 77576 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe SR - | Auto 10/06/2013 294664 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe SR - | Auto 07/06/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 31/01/2013 129336 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 31/01/2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 31/01/2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . 
(.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 29/11/2013 144384 | (MS_Virtual_Monitor) . (...) - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\CppWindowsService.exe SR - | Auto 21/05/2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe SR - | Auto 24/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe SR - | Auto 25/01/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 06s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Françoise at 02/01/2014 17:47:25 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Françoise at 02/01/2014 17:47:27 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13018 - (02/01/2014) Clés trouvées (Keys found) : 52 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 13 Fichiers trouvés (Files found) : 5 [HKLM\SYSTEM\CurrentControlSet\Services\Software_update) (Software_update] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^ [HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKLM\Software\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}] =>Adware.PricePeep [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon 
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}] =>Adware.PricePeep [HKLM\Software\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}] =>Adware.PricePeep [HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd [HKCU\Software\Boxore] =>Adware.Boxore [HKLM\Software\Iminent] 
=>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Iminent] =>Adware.IMBooster [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\5hfloq81.default\extensions\support@websteroidsapp.com =>PUP.TubeDimmer^ C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\5hfloq81.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} =>Toolbar.Conduit^ C:\Program Files (x86)\Boxore =>Adware.Boxore^ C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^ C:\Program Files (x86)\sweetpacks bundle uninstaller =>PUP.SweetIM^ C:\ProgramData\BoxUpdChk =>Adware.Boxore^ C:\ProgramData\RHelpers =>PUP.SearchDonkey^ 
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\Users\Françoise\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Françoise\AppData\Local\Software =>Adware.Boxore
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
C:\ProgramData\BoxUpdChk\updchk.exe =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
C:\Windows\Installer\336b1a.msi =>Adware.Boxore^
~ Additionnel Scan: 268483 Items scanned in 00mn 12s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer =>PUP.TubeDimmer
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/38839825-pup-searchdonkey =>PUP.SearchDonkey
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 17 link(s) detected in 00mn 12s
~ 2399 Legitimates filtered by white list
End of the scan (676 lines in 03mn 11s)(0)