With the latest version, updated just beforehand, no less! That really takes some doing!
Rapport de ZHPDiag v2013.7.30.44 par Nicolas Coolman, Update du 30/07/2013
Run by Nathalie at 31/07/2013 01:45:47
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox v2.0.0.18 (fr)
GCIE: Google Chrome v28.0.1500.72 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : MQ3CQ
Windows License : OK
Windows Automatic Updates : OK
---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
---\\ System Optimizer
CCleaner v4.01 =Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 133 GB (60%) free of 221 GB
---\\ Logged in mode
~ Computer Name: PC-DE-NATHALIE
~ User Name: Nathalie
~ All Users Names: UpdatusUser, Nathalie, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Nathalie\AppData\Roaming\
~ %Desktop% : C:\Users\Nathalie\Desktop\
~ %Favorites% : C:\Users\Nathalie\Favorites\
~ %LocalAppData% : C:\Users\Nathalie\AppData\Local\
~ %StartMenu% : C:\Users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 133 Go of 221 Go)
D:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center Tools Informations
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.EA952A5C277CABCBA69EA806146BB984] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/05/2013 - 02:41:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 7/611
~ Mes musiques (My Musics) : 87/222
~ Mes Videos (My Videos) : 1/16
~ Mes Favoris (My Favorites) : 1/97
~ Mes Documents (My Documents) : 2/15
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2844]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3972]
[MD5.A1673BAA5DCA4794DF601072FB2F2ECD] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.3112]
[MD5.99C1D6B7C36C891EC099AA8D120185C4] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4911104] [PID.3348]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3524]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3656]
[MD5.E04127F400D94B7043D2D29187D44EA9] - (.Learnpulse - Screenpresso.) -- C:\Users\Nathalie\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [10226704] [PID.3920]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3924]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.1240]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3440]
[MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [846288] [PID.1324]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.2536]
[MD5.2A1E2C93C28F67E0BC964256DBED1C34] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7554048] [PID.5612]
[MD5.E74F08719D6C92FDA6092D0E36E33CAB] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.0.) -- C:\Windows\system32\nvvsvc.exe [634144] [PID.920]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1276]
[MD5.43B514326CCE03A2A6C48FF33ACDF09C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [866592] [PID.1340]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1708]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2024]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2260]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2600]
[MD5.6E3672209D3EEF85B5FC010A26C11B73] - (.cake bake - Desktop.Updater.) -- C:\Program Files\Web Cake\WDesktop.Updater.exe [51992] [PID.2856] =Adware.WebCake
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www1.delta-search.com =Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default][HomePage] http://www1.delta-search.com =Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default] http://www1.delta-search.com =Toolbar.DeltaSearch
~ Google Browser: 9 Legitimates Filtered in 00mn 07s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\prefs.js
M3 - MFPP: Plugins - [Nathalie] -- C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\searchplugins\babylon.xml =Toolbar.Babylon
M3 - MFPP: Plugins - [Nathalie] -- C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\searchplugins\durable.xml
M3 - MFPP: Plugins - [Nathalie] -- C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\searchplugins\live-search.xml
M3 - MFPP: Plugins - [Nathalie] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
M0 - MFSP: prefs.js [Nathalie - v3x5hkt4.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Nathalie - v3x5hkt4.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v2.0 (..)
M2 - MFEP: prefs.js [Nathalie - v3x5hkt4.default\toolbar@waltershop.com] [] WalterShop v1.0 (..)
M2 - MFEP: prefs.js [Nathalie - v3x5hkt4.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v1.5.2.20080717 (..) =Toolbar.Yahoo
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] - (.Total Immersion - D'Fusion @Home Web Plug-In (3.00.13687.0).) -- C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
~ Firefox Browser: 45 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} . (.Packard Bell - BAE.dll.) -- C:\Program Files\Google\Google_BAE\BAE.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: WalterShop - [HKLM]{9ec204df-0e48-4c32-816e-2e928a4fd9c2} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [Screenpresso] . (.Learnpulse - Screenpresso.) -- C:\Users\Nathalie\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NTRedirect] C:\Users\Nathalie\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =Hijacker.BabSolution
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-315605038-2984086592-3611448761-1000\..\Run: [Screenpresso] . (.Learnpulse - Screenpresso.) -- C:\Users\Nathalie\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - HKUS\S-1-5-21-315605038-2984086592-3611448761-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-315605038-2984086592-3611448761-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-315605038-2984086592-3611448761-1000\..\Run: [NTRedirect] C:\Users\Nathalie\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =Hijacker.BabSolution
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Qtrax Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files\Microsoft Silverlight\sllauncher.exe
O4 - GS\Programs: Screenpresso.lnk . (.Learnpulse - Screenpresso.) -- C:\Users\Nathalie\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url
O4 - Global Startup: C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Découvrez Hotmail.url . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Nathalie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Découvrez Hotmail.url
O4 - GS\QuickLaunch: eBay.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://go.packardbell.com
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Music.lnk . (...) -- C:\Users\Nathalie\Music
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: adwcleaner - Raccourci.lnk . (...) -- C:\Users\Nathalie\Downloads\adwcleaner.exe
O4 - GS\Desktop: Corbeille - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - http://assets.photobox.com/assets/aurig ... 0909133807
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} ((no name)) - http://www3.snapfish.fr/SnapfishActivia3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ((no name)) - http://gfx1.hotmail.com/mail/w3/resourc ... dfr-fr.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.starphoto17.fr/biblio/imageU ... oader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} ((no name)) - http://www3.snapfish.fr/SnapfishActivia2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... dfr-fr.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} ((no name)) - http://3d.kiabi.com/kiabi3d/plugin/DFus ... taller.exe
~ Objets ActiveX Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{631DE62C-0FE2-44AC-9B82-E958128C0179}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{631DE62C-0FE2-44AC-9B82-E958128C0179}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{631DE62C-0FE2-44AC-9B82-E958128C0179}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{631DE62C-0FE2-44AC-9B82-E958128C0179}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\261339~1.144\{c16c1~1\browse~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (WebCakeUpdater) . (.cake bake - Desktop.Updater.) - C:\Program Files\Web Cake\WDesktop.Updater.exe =Adware.WebCake
~ Services: 8 Legitimates Filtered in 00mn 06s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Registry Reviver-Nathalie-Startup.job [384]
[MD5.00000000000000000000000000000000] [APT] [Test TimeTrigger] (...) -- C:\Users\Nathalie\AppData\Local\Temp\Runner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{93F35E57-04B0-4217-A9DD-CD0533F307AB}] (...) -- D:\install.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 03s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Bubble Dock v3.0.502.0.42258 - {9f81ae06-bf80-462a-b349-c19e50524289} . (...) -- C:\Program Files\Nosibay\Bubble Dock\Deploy.exe =Toolbar.BubbleDock
~ Active Setup: 14 Legitimates Filtered in 00mn 00s
---\\ HKCU HKLM Software Keys
[HKCU\Software\AppDataLow\Software\SmartShopper]
[HKCU\Software\AppDataLow\Software\Yahoo] =Toolbar.Yahoo
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[HKCU\Software\Yahoo] =Toolbar.Yahoo
[HKLM\Software\Yahoo] =Toolbar.Yahoo
~ Key Software: 155 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/07/2013 - 22:27:11 - [0,949] ----D C:\Program Files\Web Cake =Adware.WebCake
O43 - CFD: 28/07/2013 - 23:38:00 - [5,434] ----D C:\ProgramData\BrowserDefender =Hijacker.Eazel
O43 - CFD: 20/03/2013 - 23:19:28 - [0] ----D C:\Users\Nathalie\AppData\Roaming\Kyow
O43 - CFD: 19/03/2013 - 12:49:17 - [0] ----D C:\Users\Nathalie\AppData\Roaming\Socu
O43 - CFD: 30/07/2013 - 21:40:52 - [0,345] ----D C:\Users\Nathalie\AppData\Roaming\Web Cake =Adware.WebCake
O43 - CFD: 22/03/2013 - 00:44:13 - [0] ----D C:\Users\Nathalie\AppData\Roaming\Xytuex
O43 - CFD: 03/10/2008 - 12:38:02 - [0] ----D C:\Users\Nathalie\AppData\Roaming\Yahoo! =Toolbar.Yahoo
~ 561 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 811 Legitimates Filtered in 00mn 25s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.239CE9135806DB19E6863CDC721BC684] - 30/07/2013 - 21:58:11 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [144]
~ Files: 19 Legitimates Filtered in 00mn 22s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: [HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: [HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0998D36B-4F59-49F2-B47D-2D607C276A4B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {2BD9AAF2-B180-45E9-B69B-11EF876F5F98} - (Fast Browser Search) - http://www.fastbrowsersearch.com =PUP.FbSearch
O69 - SBI: SearchScopes [HKCU] {41427F18-E891-4297-BD8C-4BB0E8EAF99F} - (Hotbar Search) - http://resultsmaster.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6D564E6C-29B5-45DE-9881-BF9DE541E894} - (WiseConvert 1.5 Customized Web Search) - http://search.conduit.com =Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {9B6103C1-F818-48a8-9683-314055BE6075} - (MyStart Rechercher) - http://mystart.hiyo.com =Spyware.VMNToolbar
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - http://fr.search.yahoo.com =Toolbar.Yahoo
O69 - SBI: SearchScopes [HKCU] {E474FAC1-2A7A-4D44-96FF-B6B3A6D0BD2C} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D16486B5739B1A3751AFD202B9B0E977] [SPRF][24/03/2013] (...) -- C:\Users\Nathalie\AppData\Local\d3d9caps.dat [1356]
[MD5.83B7CD165BAB530FAF0AA2AEFB7BC116] [SPRF][02/07/2013] (...) -- C:\Users\Nathalie\AppData\Roaming\wklnhst.dat [14064]
[MD5.FD7F0F64F0A1A9508E00E76AB9164DCD] [SPRF][01/12/2008] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [921600]
[MD5.DC38B1B71CB7FF8F4241333B9EC84F03] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfbmp13n.dll [57344]
[MD5.6CBA9ECE3186ADEAE144A79E3AC769FE] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfcmp13n.dll [401408]
[MD5.BDD316D6479220B8FA2A911262898640] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfeps13n.dll [65536]
[MD5.8B83DC9053B8164731B15AF455CBD9A9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lffax13n.dll [98304]
[MD5.A63B94BB949D5E836F144A0A754E5451] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfgif13n.dll [69632]
[MD5.1E1FDE2FF4B0197EF8A36259244CF142] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcd13n.dll [49152]
[MD5.9D9CA493D0864DF83D282E2393FE5825] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpcx13n.dll [53248]
[MD5.AD6D6FAC370748775FB9FB33A398BFF9] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpng13n.dll [159744]
[MD5.4A3A0CE4ED63580116A7354E06B42CDF] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lfpsd13n.dll [55808]
[MD5.BBBE68D622945FF8BC9CE847975B2389] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftga13n.dll [53248]
[MD5.333F810C00745C05EDF17D6580A4601E] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\lftif13n.dll [155648]
[MD5.9788C72C2EC7011E6CC40CFDD5CE2251] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltclr13n.dll [1693696]
[MD5.55D16BEB62D0B6C54CE315F7063FA7A1] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltdis13n.dll [299008]
[MD5.F56BA445D7D36EB4DDBFE4477BAD594D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltefx13n.dll [206336]
[MD5.BF1727ED495670881E18E346D162CA3D] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltfil13n.dll [163840]
[MD5.209B65395E75CD957E14B8EC3C742A7B] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltimg13n.dll [450560]
[MD5.CEFC7E62D25BDC3A4501062718D0A65F] [SPRF][20/11/2006] (.LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) -- C:\Windows\Downloaded Program Files\ltkrn13n.dll [462848]
[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [SPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [304544]
[MD5.A0F541D9D2CACEEC7A4A378CD0C31626] [SPRF][20/11/2006] (.Microsoft® Corporation - MSN Photo Upload Tool.) -- C:\Windows\Downloaded Program Files\MsnPUpld.dll [543544]
[MD5.4690A678A1EC998100506D9A5809181A] [SPRF][20/11/2006] (.Eastman Kodak - PCDLIB32.) -- C:\Windows\Downloaded Program Files\pcdlib32.dll [212480]
[MD5.732CACA8E848F6E721B093E51FC50B1D] [SPRF][09/01/2007] (.Microsoft® Corporation - Outil MSN Téléchargement de photos.) -- C:\Windows\Downloaded Program Files\PURfr-fr.dll [110592]
~ Files: Scanned in 00mn 00s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{EA14674E-4D4A-47C8-9047-3D8FDCB78B37}D:\setup.exe" |In - Public - P6 - TRUE | .(...) -- D:\setup.exe (.not file.)
O87 - FAEL: "UDP Query User{9CD2874C-70C7-4776-BE03-79544242607D}D:\setup.exe" |In - Public - P17 - TRUE | .(...) -- D:\setup.exe (.not file.)
~ Firewall: 189 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Auto 23/04/2009 133104 | (gupdate1c9c448d19050ac) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 03/12/2007 869672 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Disabled 14/01/2008 447784 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 10/02/2013 634144 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 10/02/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Disabled 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SS - | Disabled 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 29/07/2013 51992 | (WebCakeUpdater) . (.cake bake.) - C:\Program Files\Web Cake\WDesktop.Updater.exe =Adware.WebCake
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.12805 - (30/07/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 6
[HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater] =Adware.WebCake^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19803860-B306-423C-BBB5-F60A7D82CDE5}] =Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{493CCB71-DCAD-4257-9F08-8750F63BD792}] =Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =Adware.VidSaver
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}] =PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NTRedirect] C:\Users\Nathalie\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =Hijacker.BabSolution^
[HKLM\Software\Mozilla\Firefox\Extensions]:
SpiderMessengerHelper@spidermessenger.com =Spyware.AgenceExclusive
C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1} =Toolbar.Yahoo^
C:\Program Files\Web Cake =Adware.WebCake^
C:\ProgramData\BrowserDefender =Hijacker.Eazel^
C:\Users\Nathalie\AppData\Roaming\Web Cake =Adware.WebCake^
C:\Users\Nathalie\AppData\Roaming\Yahoo! =Toolbar.Yahoo^
C:\ProgramData\Software =Adware.Boxore
C:\Users\Nathalie\AppData\Local\Software =Adware.Boxore
C:\Program Files\Web Cake\WDesktop.Updater.exe =Adware.WebCake^
C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\v3x5hkt4.default\searchplugins\babylon.xml =Toolbar.Babylon^
C:\Program Files\Nosibay\Bubble Dock\Deploy.exe =Toolbar.BubbleDock^
[HKCU\Software\AppDataLow\Software\Yahoo] =Toolbar.Yahoo^
[HKCU\Software\Yahoo] =Toolbar.Yahoo^
[HKLM\Software\Yahoo] =Toolbar.Yahoo^
~ Additionnel Scan: 268331 Items scanned in 00mn 23s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... re-webcake =Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blo ... eltasearch =Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... absolution =Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blo ... cker-eazel =Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blo ... p-fbsearch =PUP.Fbsearch
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... vmntoolbar =Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blo ... are-bandoo =Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blo ... e-vidsaver =Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blo ... bprotector =PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blo ... lbar-avast =Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... eexclusive =Spyware.AgenceExclusive
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ MSI: 16 link(s) detected in 00mn 23s
~ 1918 Legitimates filtered by white list
End of the scan (549 lines in 01mn 54s)(0)