FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer assistance and security site

Disinfection help (advertising pages, replaced search engine, redirects, viruses...).
Forum rules: Mutual help with disinfection and computer security: in case of unwanted advertisements, pop-ups, redirects, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and staff are authorized to provide help in this section.
Please also read the forum's general charter.
by clochette83
#100836
Hello,
Like quite a few people on this forum, I find myself infected by the "virus" awesomehp.
I tried to remove it, but I'm not a pro, so I failed.
I don't know what to do anymore; it's ruining my computer.

Could someone give me some advice?

Thanks in advance

Clo
by clochette83
#100857
I ran the scan with ZHPDiag; here is the report.
I saw in other posts that this is what was asked for...
I thought it might help.


~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Chloé (05/02/2014 15:11:59)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.28 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 242 GB (53%) free of 451 GB

---\\ Mode de connexion au système
~ Computer Name: CHLOÉ-PC
~ User Name: Chloé
~ All Users Names: HomeGroupUser$, Chloé, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Chloé\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Chloé\AppData\Roaming\
~ %Desktop% : C:\Users\Chloé\Desktop\
~ %Favorites% : C:\Users\Chloé\Favorites\
~ %LocalAppData% : C:\Users\Chloé\AppData\Local\
~ %StartMenu% : C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 242 Go of 451 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/5495
~ Mes musiques (My Musics) : 1/5538
~ Mes Videos (My Videos) : 1/45
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/1394
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe [2144088] [PID.1800]
[MD5.B4446957BEC6BF9E6FC2B3FAAAE21BE5] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768] [PID.1284]
[MD5.DED59B9CAFB20D0ABC4F15574209E09C] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1025616] [PID.1536]
[MD5.CDB517386A26AE420CB24BDB3CD88779] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448] [PID.1356]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2120]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2144]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2152]
[MD5.0D2DB8305904E25300CBFD844A239315] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [287824] [PID.2192]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4680]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.2540]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3236]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.3752]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.2544]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1452]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1976]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1128]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1464]
[MD5.470F7F19188AB45463F8B612D6DDE7C8] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [311376] [PID.1584]
[MD5.CDCA791AFA0483F44BBA576DBFAFD04D] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe [102400] [PID.2084]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.2320]
[MD5.8F59A2506AF43F96F5397B3C79938AE9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344] [PID.2404]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2636]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.2856]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2928]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.888]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3700]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\prefs.js
C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\user.js
M3 - MFPP: Plugins - [Chloé] -- C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\searchplugins\babylon.xml =PUP.Babylon
M3 - MFPP: Plugins - [Chloé] -- C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\searchplugins\conduit-search.xml =Toolbar.Conduit
M3 - MFPP: Plugins - [Chloé] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\awesomehp.xml =PUP.Awesomehp
M3 - MFPP: Plugins - [Chloé] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =PUP.Babylon
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =PUP.Awesomehp
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =PUP.Awesomehp
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Chloé]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Chloé]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Chloé]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\Desktop [Chloé]: CALVIN THOMAS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\CALVIN THOMAS
O4 - GS\Desktop [Chloé]: DOCUMENTS USUELS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS
O4 - GS\Desktop [Chloé]: GROSESSE.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\GROSESSE 20082014
O4 - GS\Desktop [Chloé]: JEUX.lnk . (...) -- C:\Users\Chloé\Documents\JEUX
O4 - GS\Desktop [Chloé]: SCAN.lnk - Clé orpheline
O4 - GS\Desktop [Chloé]: SERIES - Raccourci.lnk . (...) -- C:\Users\Chloé\Videos\SERIES
O4 - GS\Desktop [Chloé]: SUVI SERIES.impots.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\LOISIRS\SUVI SERIES.xls
O4 - GS\Desktop [Chloé]: VIDEOS.lnk . (...) -- C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
~ Global Startup: 70 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LiveSupport] C:\Program Files (x86)\LiveSupport\LiveSupport.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2814036381-2848721664-3518809906-1002\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2814036381-2848721664-3518809906-1002\..\Run: [LiveSupport] C:\Program Files (x86)\LiveSupport\LiveSupport.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - c:\progra~3\bitguard\271832~1.68\{16cdf~1\loader.dll (.not file.) =PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Services: 16 Legitimates Filtered in 00mn 11s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{7ED1A1AB-F778-4509-90AF-6224D251DF36}] (...) -- C:\Users\Chloé\Downloads\Install_HOSTS_Anti-Adware.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 04s



---\\ HKCU HKLM Software Keys
[HKCU\Software\BabSolution] =Hijacker.BabSolution
[HKCU\Software\BrowserMngr] =PUP.Babylon
[HKCU\Software\Code Industry]
[HKCU\Software\Code-Industry]
[HKCU\Software\DataMngr] =PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =PUP.Datamngr
[HKCU\Software\FileScout] =PUP.FileScout
[HKCU\Software\InstallCore] =Adware.InstallCore
[HKLM\Software\Wow6432Node\Babylon] =PUP.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =PUP.Datamngr
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager
~ Key Software: 271 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/02/2014 - 14:41:32 - [0] ----D C:\Program Files (x86)\Plus-HD-7.6 =Adware.PlusHD
O43 - CFD: 05/02/2014 - 14:41:04 - [0,489] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 05/02/2014 - 14:44:03 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 05/02/2014 - 14:40:24 - [0] ----D C:\ProgramData\IePluginService =Trojan.SProtector
O43 - CFD: 05/02/2014 - 14:41:41 - [0] ----D C:\ProgramData\WPM =PUP.WpManager
O43 - CFD: 16/06/2013 - 12:40:51 - [0,308] ----D C:\Users\Chloé\AppData\Roaming\File Scout =PUP.FileScout
O43 - CFD: 05/02/2014 - 13:23:25 - [0,222] ----D C:\Users\Chloé\AppData\Roaming\iSafe =Trojan.Staser
O43 - CFD: 16/09/2013 - 16:59:31 - [0,009] ----D C:\Users\Chloé\AppData\Roaming\{90140011-0066-040C-0000-0000000FF1CE}
O43 - CFD: 06/09/2011 - 18:24:03 - [0] ----D C:\Users\Chloé\AppData\Local\PDF Maker
O43 - CFD: 13/07/2012 - 20:51:18 - [0,002] -SH-D C:\Users\Chloé\AppData\Local\{6490b7d9-dbb8-d5b6-d82b-a03c76dc5dc0}
~ 37 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 262 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 03/02/2014 - 21:42:29 ---A- . (...) -- C:\END [0]
O44 - LFC:[MD5.71C2517ABA69D1B7964163FFEB6A40BF] - 05/02/2014 - 12:39:04 ---A- . (...) -- C:\Windows\wininit.ini [835]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 24/01/2014 - 18:51:38 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
~ Files: 72 Legitimates Filtered in 00mn 04s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.BBC89DA4065BDCE34257BE95B2F636EE] - 01/08/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [41704]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B70DF208E97536CA9F29289E609F5B16] - 01/08/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [38632]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("avg.install.userHPSettings", "http://search.babylon.com/?affID=113357 ... =3433576d0[...] =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.admin", false); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.id", "3433576d00000000000018f46ad23b5b"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.instlDay", "15620"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_de ... 18f46ad23b[...] =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "abouthome"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.722:09:55"); =PUP.Babylon
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.crossrider.bic", "143f97c366e3c8e4841285c66145b38a"); =PUP.CrossRider
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,engine@conduit.com:3.2.5.2,{05eeb91a-aef7-4f8a-[...]
O69 - SBI: prefs.js [Chloé - ytrjg94w.default] user_pref("keyword.URL", "http://search.babylon.com/?affID=113357 ... 00000018f4[...] =PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (awesomehp) - http://www.awesomehp.com =PUP.Awesomehp
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][03/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][03/02/2014] (.Conduit - SP Usage Sender.) -- C:\Users\Chloé\AppData\Local\Temp\nsqE08.exe [167812] =Toolbar.Conduit
[MD5.0D9D952F7928398E35CDF107606C8426] [SPRF][05/02/2014] (.Pas de propriétaire - Installer.) -- C:\Users\Chloé\AppData\Local\Temp\setup__3815.exe [333312]
[MD5.0D9D952F7928398E35CDF107606C8426] [SPRF][05/02/2014] (.Pas de propriétaire - Installer.) -- C:\Users\Chloé\AppData\Local\Temp\setup__5872.exe [333312]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][05/02/2014] (...) -- C:\Users\Chloé\AppData\Local\Temp\uttDF19.tmp.bat [77]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\582dddab13bea15\2.6.1339.144\upd]:="upd=1" =PUP.Babylon
[HKCU\Software\582dddab13bea15\2.6.1519.190\upd]:="upd=1" =PUP.Babylon
[HKCU\Software\582dddab13bea15\2.6.1673.238\upd]:="upd=1" =PUP.Babylon
[HKCU\Software\582dddab13bea15\2.6.1694.246\upd]:="upd=" =PUP.Babylon
[HKCU\Software\582dddab13bea15\2.7.1769.27\upd]:="upd=" =PUP.Babylon
[HKCU\Software\582dddab13bea15\2.7.1832.68\upd]:="upd=" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.765.24]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.765.24]:version="2.3.765.24" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:version="2.6.1125.80" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:version="2.6.1249.132" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1339.144]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1339.144]:version="2.6.1339.144" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1519.190]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1519.190]:version="2.6.1519.190" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:dllName="BitGuard.dll" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:exeName="BitGuard.exe" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:folderName="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:serviceName="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:version="2.6.1673.238" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:dllName="BitGuard.dll" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:exeName="BitGuard.exe" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:folderName="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:serviceName="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:version="2.6.1694.246" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:SERVICE_NAME="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:dllName="BitGuard.dll" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:exeName="BitGuard.exe" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:folderName="BitGuard" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:version="2.7.1769.27" =PUP.Babylon
[HKLM\Software\Wow6432Node\582dddab13bea15] = Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/12/2010 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 08/02/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/11/2010 203776 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 18/11/2010 354304 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 17/06/2010 194496 | (AMD Reservation Manager) . (.Advanced Micro Devices.) - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/12/2010 311376 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 29/10/2010 868224 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 18/04/2006 102400 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 12/11/2010 257344 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 11/09/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 12s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 17

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =PUP.V9Software
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =Adware.CDNHelper
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =Toolbar.Agent
[HKCU\Software\BrowserMngr] =PUP.Babylon
[HKCU\Software\DataMngr] =Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =Adware.Bandoo
[HKCU\Software\SpeedyPC Software] =PUP.SpeedyPC
[HKLM\Software\Wow6432Node\SpeedyPC Software] =PUP.SpeedyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =Adware.Bandoo
[HKLM\Software\Classes\Prod.cap] =PUP.Babylon
[HKCU\Software\InstallCore] =Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =Adware.Boxore^
C:\Program Files (x86)\Plus-HD-7.6 =Adware.PlusHD^
C:\ProgramData\IePluginService =Trojan.SProtector^
C:\ProgramData\WPM =PUP.WpManager^
C:\Users\Chloé\AppData\Roaming\File Scout =PUP.FileScout^
C:\Users\Chloé\AppData\Roaming\iSafe =Trojan.Staser^
C:\Program Files (x86)\Software =Adware.Boxore
C:\ProgramData\Software =Adware.Boxore
C:\ProgramData\SpeedyPC Software =PUP.SpeedyPC
C:\Users\Chloé\AppData\Roaming\SpeedyPC Software =PUP.SpeedyPC
C:\Users\Chloé\AppData\Local\Software =Adware.Boxore
[HKCU\Software\BabSolution] =Hijacker.BabSolution^
[HKCU\Software\DataMngr_Toolbar] =PUP.Datamngr^
[HKCU\Software\FileScout] =PUP.FileScout^
[HKLM\Software\Wow6432Node\Babylon] =PUP.Babylon^
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager^
C:\Users\Chloé\AppData\Local\Temp\nsqE08.exe =Toolbar.Conduit^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.765.24]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1125.80]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1249.132]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1339.144]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1519.190]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1673.238]:dllName="BitGuard.dll" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1694.246]:dllName="BitGuard.dll" =PUP.Babylon^
[HKCU\Software\582dddab13bea15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.7.1769.27]:SERVICE_NAME="BitGuard" =PUP.Babylon^
~ Additionnel Scan: 274058 Items scanned in 00mn 45s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... -awesomehp =PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blo ... p-bitguard =PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blo ... absolution =Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blo ... p-datamngr =PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blo ... -filescout =PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blo ... nstallcore =Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blo ... -wpmanager =PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blo ... are-plushd =Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blo ... sprotector =Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser =Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... v9software =PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blo ... are-bandoo =Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blo ... p-speedypc =PUP.SpeedyPC
~ http://nicolascoolman.webs.com/apps/blo ... timizerpro =PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ MSI: 19 link(s) detected in 00mn 46s



~ 1266 Legitimates filtered by white list
End of the scan (574 lines in 01mn 56s)(0)
by clochette83
#100951
Re

Here is the AdwCleaner report

# AdwCleaner v3.018 - Rapport créé le 05/02/2014 à 18:47:14
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Chloé - CHLOÉ-PC
# Exécuté depuis : C:\Users\Chloé\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : CltMngSvc

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\SpeedyPC Software
Dossier Supprimé : C:\Program Files (x86)\Nosibay
Dossier Supprimé : C:\Program Files (x86)\Searchprotect
Dossier Supprimé : C:\Users\Chloé\Qtrax
Dossier Supprimé : C:\Users\Chloé\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Chloé\AppData\Local\Searchprotect
Dossier Supprimé : C:\Users\Chloé\AppData\Roaming\DriverCure
Dossier Supprimé : C:\Users\Chloé\AppData\Roaming\file scout
Dossier Supprimé : C:\Users\Chloé\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\Chloé\AppData\Roaming\SpeedyPC Software
Dossier Supprimé : C:\Users\Chloé\Documents\optimizer pro
Dossier Supprimé : C:\Program Files (x86)\Software
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\bProtector_extensions.rdf
Fichier Supprimé : C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\searchplugins\Babylon.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Supprimé : C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\searchplugins\conduit-search.xml
Fichier Supprimé : C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\user.js
Fichier Supprimé : C:\Windows\System32\Tasks\Browser Manager

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Clé Supprimée : HKCU\Software\582dddab13bea15
Clé Supprimée : HKLM\SOFTWARE\582dddab13bea15
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BrowserMngr
Clé Supprimée : HKCU\Software\DataMngr
[#] Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\filescout
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\SpeedyPC Software
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\SpeedyPC Software
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{16cdf~1\loader.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (fr)

[ Fichier : C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\prefs.js ]

Ligne Supprimée : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=113357tt=071012_24_4012_4babsrc=HP_ssmntrId=3433576d00000000000018f46ad23b5b");
Ligne Supprimée : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Ligne Supprimée : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314958octid=EB_ORIGINAL_CTIDSearchSource=69CUI=SSPV=Lay=1UM=4UP=SPDE0437C5-3BE1-4EA1-A60A-CFBFAF4035D8");
Ligne Supprimée : user_pref("browser.search.order.1", "Search the web (Babylon)");
Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3314958octid=EB_ORIGINAL_CTIDSearchSource=55CUI=UM=4UP=SPDE0437C5-3BE1-4EA1-A60A-CFBFAF4035D8SSPV=");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.excTlbr", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.id", "3433576d00000000000018f46ad23b5b");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15620");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_defmntrId=3433576d00000000000018f46ad23b5bq=");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true);
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "abouthome");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.722:09:55");
Ligne Supprimée : user_pref("extensions.crossrider.bic", "143f97c366e3c8e4841285c66145b38a");
Ligne Supprimée : user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,engine@conduit.com:3.2.5.2,{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}:3.2.5.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.[...]
Ligne Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113357tt=071012_24_4012_4babsrc=KW_ssmntrId=3433576d00000000000018f46ad23b5bq=");
Ligne Supprimée : user_pref("browser.search.selectedEngine", "Conduit Search");

*************************

AdwCleaner[R0].txt - [9515 octets] - [05/02/2014 18:43:50]
AdwCleaner[S0].txt - [8699 octets] - [05/02/2014 18:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8759 octets] ##########
by 2011N2
#100974
Re,

Did you go and look under C:\Shortcut_Module_XX_XX_XX.txt?
There is bound to be a report there.

And the disinfection isn't finished even if you no longer see the infection, because your PC is still infected.

Gabriel.
by clochette83
#100977
Yes, yes, when I say it worked I mean the program.
I did go into the folder; there's nothing there that looks like that report.

There are 3 images and 2 .exe files


I found it somewhere else..... lol

Here it is

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 02.02.2014.2

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:52:06 - 05/02/2014

Mis à jour le : 02/02/2014 | 18.25 par g3n-h@ckm@n

Contact : http://www.sosvirus.net

Boot : Normal

Système : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1

Mémoire RAM = Total (MB) : 3911 | Libre (MB) : 2428
Pagefile = Total (MB) : 7819 | Libre (MB) : 6116
Virtuelle = Total (MB) : 4194 | Libre (MB) : 4055

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

Aucune mise à jour détectée !!!


(804) -- atiesrxx.exe
(1092) -- atieclxx.exe
(1236) -- spoolsv.exe
(1256) -- taskeng.exe
(1416) -- taskhost.exe
(1604) -- explorer.exe
(1808) -- armsvc.exe
(1856) -- AMD Reservation Manager.exe
(1980) -- AppleMobileDeviceService.exe
(2000) -- ePowerTray.exe
(2012) -- SynTPEnh.exe
(2028) -- TeaTimer.exe
(1456) -- mDNSResponder.exe
(1484) -- BackupManagerTray.exe
(2104) -- LManager.exe
(2116) -- dsiwmis.exe
(2176) -- ePowerSvc.exe
(2204) -- MMDx64Fx.exe
(2252) -- E_S30RP1.EXE
(2280) -- LMworker.exe
(2288) -- RIMBBLaunchAgent.exe
(2416) -- jusched.exe
(2428) -- iTunesHelper.exe
(2452) -- GREGsvc.exe
(2492) -- IScheduleSvc.exe
(2792) -- sftvsa.exe
(3008) -- tor.exe
(3048) -- UpdaterService.exe
(2168) -- WLIDSVC.EXE
(2448) -- Fuel.Service.exe
(2548) -- sftlist.exe
(2156) -- WLIDSVCM.EXE
(3644) -- ePowerEvent.exe
(3684) -- CVHSVC.EXE
(3736) -- firefox.exe
(3292) -- SearchIndexer.exe
(3936) -- MOM.exe
(1036) -- iPodService.exe
(3068) -- SearchProtocolHost.exe
(3464) -- SearchFilterHost.exe
(4580) -- wmpnetwk.exe
(5012) -- SynTPHelper.exe
(4916) -- CCC.exe

¤¤¤¤¤¤¤¤¤¤ | Détournements de raccourcis

Désinfecté : C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk : C:\Program Files\Internet Explorer\iexplore.exe (hxxp://www.awesomehp.com/?type=scts=1391602808 ... 6B70UDZ2LX)

¤¤¤¤¤¤¤¤¤¤ | Détournement internet Explorer

Réparé : [HKU\S-1-5-21-2814036381-2848721664-3518809906-1002\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com - http://www.google.com/
Réparé : [HKU\S-1-5-21-2814036381-2848721664-3518809906-1002\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm - C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-2814036381-2848721664-3518809906-1002\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.awesomehp.com/?type=hpts=139 ... 6B70UDZ2LX - http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.awesomehp.com/web/?type=dsts ... earchTerms} - http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.awesomehp.com/?type=hpts=139 ... 6B70UDZ2LX - http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.awesomehp.com/web/?type=dsts ... earchTerms} - http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.awesomehp.com/?type=hpts=139 ... 6B70UDZ2LX - http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm - C:\Windows\SysWOW64\blank.htm
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.awesomehp.com/web/?type=dsts ... earchTerms} - http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.awesomehp.com/?type=hpts=139 ... 6B70UDZ2LX - http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.awesomehp.com/web/?type=dsts ... earchTerms} - http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKU\S-1-5-21-2814036381-2848721664-3518809906-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 - 1

¤¤¤¤¤¤¤¤¤¤ | Détournement Google Chrome


¤¤¤¤¤¤¤¤¤¤ | Détournement Firefox


¤¤¤¤¤¤¤¤¤¤ | Détournement des clés StartMenuInternet

Réparé : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : "c:\program files\internet explorer\iexplore.exe" - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Détournement Javascript


¤¤¤¤¤¤¤¤¤¤ | Fichiers temporaires

[Default User] Fichiers temporaires Supprimés : 0 Ko
[All Users] Fichiers temporaires Supprimés : 0 Ko
[Default] Fichiers temporaires Supprimés : 0 Ko
[Administrator] Fichiers temporaires Supprimés : 0 Ko
[Public] Fichiers temporaires Supprimés : 0 Ko
[Invité] Fichiers temporaires Supprimés : 53 Ko
[LUIS] Fichiers temporaires Supprimés : 0 Ko
[Chloé] Fichiers temporaires Supprimés : 63577 Ko


¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤
by clochette83
#100991
Report

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Chloé (05/02/2014 19:38:21)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286

---\\ Logiciels d'optimisation du système
CCleaner v3.28 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 241 GB (53%) free of 451 GB

---\\ Mode de connexion au système
~ Computer Name: CHLOÉ-PC
~ User Name: Chloé
~ All Users Names: HomeGroupUser$, Chloé, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Chloé\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Chloé\AppData\Roaming\
~ %Desktop% : C:\Users\Chloé\Desktop\
~ %Favorites% : C:\Users\Chloé\Favorites\
~ %LocalAppData% : C:\Users\Chloé\AppData\Local\
~ %StartMenu% : C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 241 Go of 451 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/5495
~ Mes musiques (My Musics) : 1/5538
~ Mes Videos (My Videos) : 1/45
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/1393
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe [2144088] [PID.564]
[MD5.B4446957BEC6BF9E6FC2B3FAAAE21BE5] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768] [PID.2080]
[MD5.DED59B9CAFB20D0ABC4F15574209E09C] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1025616] [PID.2112]
[MD5.0D2DB8305904E25300CBFD844A239315] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [287824] [PID.2176]
[MD5.CDB517386A26AE420CB24BDB3CD88779] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448] [PID.2208]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2256]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2280]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2296]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4936]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.2908]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.2992]
[MD5.7BCC6D6A58C120E6CDCB4FB654A9EA1B] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe [1307736] [PID.2736] =P2P.BitTorrent
[MD5.1FDBBD2F2CF2D11E6247734797DEC3C9] - (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.exe [3207912] [PID.2872]
[MD5.F2C82BA7E80C6054D5D20F3FBD4CFD34] - (...) -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe [77664] [PID.2452]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3236]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1400]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1800]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1900]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1924]
[MD5.470F7F19188AB45463F8B612D6DDE7C8] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [311376] [PID.972]
[MD5.CDCA791AFA0483F44BBA576DBFAFD04D] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe [102400] [PID.2052]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.2164]
[MD5.8F59A2506AF43F96F5397B3C79938AE9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344] [PID.2248]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2668]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.3016]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2024]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2860]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3704]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\prefs.js
M3 - MFPP: Plugins - [Chloé] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\awesomehp.xml =PUP.Awesomehp
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =PUP.Awesomehp
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Chloé]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Chloé]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe =P2P.BitTorrent
O4 - GS\TaskBar [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Chloé]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Chloé]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Chloé]: CALVIN THOMAS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\CALVIN THOMAS
O4 - GS\Desktop [Chloé]: DOCUMENTS USUELS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS
O4 - GS\Desktop [Chloé]: GROSESSE.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\GROSESSE 20082014
O4 - GS\Desktop [Chloé]: JEUX.lnk . (...) -- C:\Users\Chloé\Documents\JEUX
O4 - GS\Desktop [Chloé]: SCAN.lnk - Clé orpheline
O4 - GS\Desktop [Chloé]: SERIES - Raccourci.lnk . (...) -- C:\Users\Chloé\Videos\SERIES
O4 - GS\Desktop [Chloé]: SUVI SERIES.impots.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\LOISIRS\SUVI SERIES.xls
O4 - GS\Desktop [Chloé]: VIDEOS.lnk . (...) -- C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
O4 - GS\Desktop [Chloé]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe =P2P.BitTorrent
~ Global Startup: 71 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LiveSupport] C:\Program Files (x86)\LiveSupport\LiveSupport.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2814036381-2848721664-3518809906-1002\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2814036381-2848721664-3518809906-1002\..\Run: [LiveSupport] C:\Program Files (x86)\LiveSupport\LiveSupport.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Services: 16 Legitimates Filtered in 00mn 23s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{7ED1A1AB-F778-4509-90AF-6224D251DF36}] (...) -- C:\Users\Chloé\Downloads\Install_HOSTS_Anti-Adware.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 22s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Code Industry]
[HKCU\Software\Code-Industry]
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Shortcut_Module]
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager
~ Key Software: 260 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/02/2014 - 14:41:32 - [0] ----D C:\Program Files (x86)\Plus-HD-7.6 =Adware.PlusHD
O43 - CFD: 05/02/2014 - 14:41:04 - [0,489] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 05/02/2014 - 19:09:14 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 05/02/2014 - 14:40:24 - [0] ----D C:\ProgramData\IePluginService =Trojan.SProtector
O43 - CFD: 05/02/2014 - 14:41:41 - [0] ----D C:\ProgramData\WPM =PUP.WpManager
O43 - CFD: 05/02/2014 - 13:23:25 - [0,222] ----D C:\Users\Chloé\AppData\Roaming\iSafe =Trojan.Staser
O43 - CFD: 16/09/2013 - 16:59:31 - [0,009] ----D C:\Users\Chloé\AppData\Roaming\{90140011-0066-040C-0000-0000000FF1CE}
O43 - CFD: 06/09/2011 - 18:24:03 - [0] ----D C:\Users\Chloé\AppData\Local\PDF Maker
O43 - CFD: 13/07/2012 - 20:51:18 - [0,002] -SH-D C:\Users\Chloé\AppData\Local\{6490b7d9-dbb8-d5b6-d82b-a03c76dc5dc0}
~ 37 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 253 Legitimates Filtered in 00mn 58s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.71C2517ABA69D1B7964163FFEB6A40BF] - 05/02/2014 - 12:39:04 ---A- . (...) -- C:\Windows\wininit.ini [835]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 24/01/2014 - 18:51:38 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
~ Files: 70 Legitimates Filtered in 01mn 10s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.BBC89DA4065BDCE34257BE95B2F636EE] - 01/08/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [41704]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B70DF208E97536CA9F29289E609F5B16] - 01/08/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [38632]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 47s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][03/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/12/2010 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 08/02/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/11/2010 203776 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 18/11/2010 354304 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 17/06/2010 194496 | (AMD Reservation Manager) . (.Advanced Micro Devices.) - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/12/2010 311376 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 29/10/2010 868224 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 18/04/2006 102400 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 12/11/2010 257344 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 11/09/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =Toolbar.Agent
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager] =PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =Adware.Boxore^
C:\Program Files (x86)\Plus-HD-7.6 =Adware.PlusHD^
C:\ProgramData\IePluginService =Trojan.SProtector^
C:\ProgramData\WPM =PUP.WpManager^
C:\Users\Chloé\AppData\Roaming\iSafe =Trojan.Staser^
C:\ProgramData\Software =Adware.Boxore
C:\Users\Chloé\AppData\Local\Software =Adware.Boxore
C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe =P2P.BitTorrent^
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager^
~ Additionnel Scan: 273414 Items scanned in 01mn 32s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... -awesomehp =PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blo ... -wpmanager =PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blo ... are-plushd =Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blo ... sprotector =Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser =Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ MSI: 7 link(s) detected in 01mn 32s



~ 1242 Legitimates filtered by white list
End of the scan (427 lines in 06mn 29s)(0)
by clochette83
#101007
Here it is!

Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by Chloé at 05/02/2014 20:04:20
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 06s)
Dossier Prefetcher vidé

========== Clés du Registre ==========
SUPPRIMÉ: HKLM\Software\Wow6432Node\Wpm
SUPPRIMÉ: HKLM\Software\Wow6432Node\supTab
SUPPRIMÉ: HKLM\Software\Wow6432Node\supWPM
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
SUPPRIMÉ: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv

========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: SpybotSD TeaTimer
SUPPRIMÉ RunValue: LiveSupport

========== Eléments de donnée du Registre ==========
SUPPRIMÉ: R1 Search Page =

========== Dossiers ==========
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{02CBD26D-9427-47C2-9B8A-75B950856682}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{0E2249FC-1912-46E4-8732-6DB97A5D3AB3}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{1ADA2B92-1C2A-4767-9F45-2D408383B083}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{1EA15910-8A67-4991-B52C-6CC5BEC0EF29}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{1FFBEBAF-88D0-4A6D-B04A-32FF969FA714}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{2AB8BDA4-2C92-4844-ACC0-13FB9A5EA127}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{35627227-F270-40D1-B05F-725E6A6C3D02}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{3909F289-98DA-4544-BCB7-76E524F7C3AD}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{3E7F2058-2F24-4ECC-8C64-8B7C76A1C5C7}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{420BF484-CC06-4E9C-A099-B819E63743FD}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{45841834-6F05-4A3F-B71A-A66A13CDB7E5}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{53F946A7-09C3-463F-BAED-9BAF5592EBF9}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{669C08A9-E2F5-48C1-BAD5-8E8A5BFE7F63}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{7C8877FD-6302-47CB-A8E8-F9FBCCC26863}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{7DA8EE08-0C1F-4AFB-8B0F-39A1C9E4224C}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{8E277548-AB5F-4925-90CE-FE92357CA79E}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{985D503C-7654-47D4-AC48-B6E1E1B36330}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{A50C928E-04CA-4AB2-B748-C62C8645C680}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{B2F43306-C6E0-4D90-B944-B94B4D04B34A}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{B37D6C18-DF8B-43A4-8426-1454DFF51F20}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{B6D80CFD-A6FE-4F59-9CE2-245C6543E5D5}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{C7B90FF2-780F-426D-81C9-F4C5495A19D3}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{C8E7EA01-0B15-433A-9C55-CA8E20561AB6}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{CCB09170-CB70-4C38-9468-D74976B79145}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{CE87DF46-6DF8-4DA6-8101-2E4394513334}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{D075DB64-5278-4650-A5E9-BCC80409B2E7}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{D67108B7-968A-4B6C-9433-0FD46B8108DD}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{DAA191A7-B617-4558-8FDF-E3154BE03D82}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{DEF1F379-A277-4636-B348-801982705DCC}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{E397AB93-1F39-4331-8BC2-5DC3E707AC62}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{E490299B-D3F1-42D8-B23B-13C18EDC5AEF}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{E4E3B813-3550-4BD3-A247-74B01D9B7E52}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{ECE864C1-1E41-4F0B-A377-D0FF753102D4}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{ED55EAFF-7F68-40EC-8C3E-C13C130C9248}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{F118C348-CFFB-46D1-89F2-5D9A87769103}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{F9AF77DA-009D-4DFF-8EDB-4FFAE387F22F}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{FDBFA995-CC68-42D0-8D75-A1BBEEBA189D}
SUPPRIMÉ: C:\Users\Chloé\AppData\Local\{FF73A0CE-4440-4C74-9356-C10E6E604C83}

========== Fichiers ==========
SUPPRIMÉ: c:\program files (x86)\mozilla firefox\searchplugins\awesomehp.xml
SUPPRIMÉS Temporaires Windows (13) (786 916 octets)
SUPPRIMÉS Flash Cookies (0) (0 octets)

========== Tache planifiée ==========
SUPPRIMÉ: {7ED1A1AB-F778-4509-90AF-6224D251DF36}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
6 : Clés du Registre
2 : Valeurs du Registre
1 : Eléments de donnée du Registre
38 : Dossiers
3 : Fichiers
1 : Tache planifiée
1 : Restauration Système


End of clean in 01mn 05s

========== Chemin de fichier rapport ==========
C:\Users\Chloé\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/02/2014 20:04:26 [4686]
par clochette83
#101255
Hello!

Here is the report

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2014.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Chloé :: CHLOÉ-PC [administrateur]

Protection: Activé

05/02/2014 20:13:51
mbam-log-2014-02-05 (20-13-51).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 579126
Temps écoulé: 3 heure(s), 36 minute(s), 9 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) - Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 13
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) - Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\Chloé\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) - Mis en quarantaine et supprimé avec succès.
C:\Users\Chloé\AppData\Roaming\ZHP\Quarantine\SupTab.DIR\SupTab.dll (PUP.Optional.SupTab.A) - Mis en quarantaine et supprimé avec succès.
C:\Users\Chloé\AppData\Roaming\Bubble Dock.boostrap.log (PUP.Optional.Bubbledock.A) - Mis en quarantaine et supprimé avec succès.

(fin)
par clochette83
#101545
Here it is:

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Chloé (06/02/2014 20:34:54)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v3.28 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 242 GB (53%) free of 451 GB

---\\ Mode de connexion au système
~ Computer Name: CHLOÉ-PC
~ User Name: Chloé
~ All Users Names: HomeGroupUser$, Chloé, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Chloé\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Chloé\AppData\Roaming\
~ %Desktop% : C:\Users\Chloé\Desktop\
~ %Favorites% : C:\Users\Chloé\Favorites\
~ %LocalAppData% : C:\Users\Chloé\AppData\Local\
~ %StartMenu% : C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 242 Go of 451 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/5495
~ Mes musiques (My Musics) : 1/5537
~ Mes Videos (My Videos) : 1/44
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/1394
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 14s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2116]
[MD5.B4446957BEC6BF9E6FC2B3FAAAE21BE5] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768] [PID.3636]
[MD5.DED59B9CAFB20D0ABC4F15574209E09C] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1025616] [PID.3696]
[MD5.CDB517386A26AE420CB24BDB3CD88779] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448] [PID.3972]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3320]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3420]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3612]
[MD5.0D2DB8305904E25300CBFD844A239315] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [287824] [PID.512]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2560]
[MD5.5DBDC85A9AB1C338E82DB4F118C04D6E] - (.Apple Inc. - distnoted.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe [13712] [PID.3960]
[MD5.F9DF3367F803C180D38EE2359264408C] - (.Apple Inc. - SyncServer.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe [55624] [PID.428]
[MD5.1FDBBD2F2CF2D11E6247734797DEC3C9] - (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe [3207912] [PID.3872]
[MD5.F2C82BA7E80C6054D5D20F3FBD4CFD34] - (...) -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe [77664] [PID.5136]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.5656]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1300]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1844]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1936]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1964]
[MD5.470F7F19188AB45463F8B612D6DDE7C8] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [311376] [PID.1072]
[MD5.CDCA791AFA0483F44BBA576DBFAFD04D] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe [102400] [PID.1252]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.1400]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1720]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1808]
[MD5.8F59A2506AF43F96F5397B3C79938AE9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344] [PID.2040]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2408]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.2488]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2548]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2868]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2816]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Chloé\AppData\Roaming\Mozilla\Firefox\Profiles\ytrjg94w.default\prefs.js
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Chloé]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Chloé]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe =P2P.BitTorrent
O4 - GS\TaskBar [Chloé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Chloé]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Chloé]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Chloé]: CALVIN THOMAS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\CALVIN THOMAS
O4 - GS\Desktop [Chloé]: DOCUMENTS USUELS.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS
O4 - GS\Desktop [Chloé]: GROSESSE.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\GROSESSE 20082014
O4 - GS\Desktop [Chloé]: JEUX.lnk . (...) -- C:\Users\Chloé\Documents\JEUX
O4 - GS\Desktop [Chloé]: SCAN.lnk - Clé orpheline
O4 - GS\Desktop [Chloé]: SERIES - Raccourci.lnk . (...) -- C:\Users\Chloé\Videos\SERIES
O4 - GS\Desktop [Chloé]: SUVI SERIES.impots.lnk . (...) -- C:\Users\Chloé\Documents\DOCU USUELS\LOISIRS\SUVI SERIES.xls
O4 - GS\Desktop [Chloé]: VIDEOS.lnk . (...) -- C:\Users\Chloé\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
O4 - GS\Desktop [Chloé]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Chloé\AppData\Roaming\uTorrent\uTorrent.exe =P2P.BitTorrent
~ Global Startup: 72 Legitimates Filtered in 00mn 07s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{320B4790-73D2-4BB9-ADBB-2ADE05A08E8F}: DhcpNameServer = 192.168.10.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{C2CEDED8-4172-4D05-B473-9BFBDF81EE5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Services: 18 Legitimates Filtered in 00mn 42s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Code Industry]
[HKCU\Software\Code-Industry]
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Shortcut_Module]
~ Key Software: 259 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/02/2014 - 09:40:57 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 16/09/2013 - 16:59:31 - [0,009] ----D C:\Users\Chloé\AppData\Roaming\{90140011-0066-040C-0000-0000000FF1CE}
O43 - CFD: 13/07/2012 - 20:51:18 - [0,002] -SH-D C:\Users\Chloé\AppData\Local\{6490b7d9-dbb8-d5b6-d82b-a03c76dc5dc0}
~ Program Folder: 208 Legitimates Filtered in 01mn 10s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.71C2517ABA69D1B7964163FFEB6A40BF] - 05/02/2014 - 12:39:04 ---A- . (...) -- C:\Windows\wininit.ini [835]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 24/01/2014 - 18:51:38 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
~ Files: 71 Legitimates Filtered in 01mn 34s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.BBC89DA4065BDCE34257BE95B2F636EE] - 01/08/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [41704]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B70DF208E97536CA9F29289E609F5B16] - 01/08/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [38632]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][03/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/12/2010 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 08/02/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 11/12/2013 569768 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/11/2010 203776 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 18/11/2010 354304 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 17/06/2010 194496 | (AMD Reservation Manager) . (.Advanced Micro Devices.) - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/12/2010 311376 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 29/10/2010 868224 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 18/04/2006 102400 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 12/11/2010 257344 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 11/09/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 24s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 272859 Items scanned in 01mn 34s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 01mn 34s



~ 1197 Legitimates filtered by white list
End of the scan (385 lines in 07mn 06s)(0)
par clochette83
#101585
delfix

# DelFix v10.6 - Rapport créé le 06/02/2014 à 21:12:52
# Mis à jour le 11/11/2013 par Xplode
# Nom d'utilisateur : Chloé - CHLOÉ-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\Shortcut_Module
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\Chloé\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\Users\Chloé\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Chloé\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Chloé\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Chloé\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Chloé\Downloads\adwcleaner.exe
Supprimé : C:\Users\Chloé\Downloads\SecurityCheck.exe
Supprimé : C:\Users\Chloé\Downloads\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #404 [Windows Update | 02/01/2014 09:06:47]
Supprimé : RP #405 [Installed Java 7 Update 51 | 02/01/2014 10:23:44]
Supprimé : RP #406 [Windows Update | 02/04/2014 16:24:37]
Supprimé : RP #407 [ZHPFix Restore System Point | 02/05/2014 19:03:46]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########
par clochette83
#101597
security check

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 31
Java 7 Update 51
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
