Hello, what script should I write to remove these 2 extensions? Here is the ZHPDiag report:
~ Rapport de ZHPDiag v2014.12.4.169 - Nicolas Coolman (04/12/2014)~ Lancé par sabine (07/12/2014 08:02:33)~ Facebook : https://www.facebook.com/nicolascoolman1~ Adresse du Forum http://forum.nicolascoolman.fr~ Traduit par Nicolas Coolman~ Etat de la version : Version à jour.~ Liste blanche : Activée par le programme~ Elévation des Privilèges : OK~ User Account Control (UAC): Deactivate by program---\\ Navigateurs InternetMSIE: Internet Explorer v11.0.9600.17420GCIE: Google Chrome v39.0.2171.71 (Defaut)---\\ Informations sur les produits Windows~ Langage: FrançaisWindows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)Windows Server License Manager Script : OK~ Windows Operating System - Windows(R) 7, OEM_SLP channelSystem Locked Preinstallation (OEM_SLP) : OKWindows ID Activation : OK~ Windows Partial Key : 3Q6C9Windows License : OK~ Windows Remaining Initializations Number : 2Software Protection Service (Protection logicielle) : OKWindows Automatic Updates : OKWindows Activation Technologies : OK---\\ Logiciels de protection du systèmeAvast Free Antivirus v10.0.2208Malwarebytes Anti-Malware version 2.0.4.1028Microsoft Security Client v4.6.0305.0Windows Defender W7 (Deactivate)---\\ Logiciels d'optimisation du systèmeCCleaner v3.07---\\ Logiciels de partage PeerToPeer---\\ Surveillance de LogicielsAdobe Flash Player 15 PluginAdobe Reader 9.5.5 MUI---\\ Informations sur le système~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel~ Operating System: 64 BitsBoot mode: Normal (Normal boot)Total RAM: 1909 MB (38% free)System Restore: Activé (Enable)System drive C: has 104 GB (48%) free of 216 GB---\\ Mode de connexion au système~ Computer Name: SABINE-HP~ User Name: sabine~ All Users Names: sabine, HomeGroupUser$, Administrateur, ~ Unselected Option: NoneLogged in as Administrator---\\ Variables d'environnement~ System Unit : C:\~ %AppZHP% : 
C:\Users\sabine\AppData\Roaming\ZHP\~ %AppData% : C:\Users\sabine\AppData\Roaming\~ %Desktop% : C:\Users\sabine\Desktop\~ %Favorites% : C:\Users\sabine\Favorites\~ %LocalAppData% : C:\Users\sabine\AppData\Local\~ %StartMenu% : C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\~ %Windir% : C:\Windows\~ %System% : C:\Windows\System32\---\\ Enumération des unités disquesC: Hard drive, Flash drive, Thumb drive (Free 104 Go of 216 Go)D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)E: CD-ROM drive (Not Inserted)Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)---\\ Etat du Centre de Sécurité Windows[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified~ Security Center: 50 Legitimates Filtered in 00mn 00s---\\ Recherche particulière de fichiers génériques[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808][MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024][MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/11/2014 - 03:17:24.) -- C:\Windows\System32\wininet.dll [2365440][MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168][MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448][MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152][MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) 
-- C:\Windows\system32\Drivers\atapi.sys [24128][MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160][MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456][MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400][MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368][MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472][MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224][MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208][MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\DriversetBT.sys [261632][MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Driverstfs.sys [1684928][MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280][MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [129536][MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184][MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296][MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]~ Generic Processes: Scanned in 00mn 03s---\\ Etat des fichiers cachés (Caché/Total)~ Mes images (My Pictures) : 2/3122~ Mes Videos (My Videos) : 3/88~ Mes Favoris (My Favorites) : 1/3~ Mes Documents (My Documents) : 2/9~ Mon Bureau (My Desktop) : 2/11~ Menu demarrer (Programs) : 1/25~ Hidden Files: Scanned in 00mn 25s---\\ Processus lancés[MD5.16F32849549A5D7B9F61641B6F386DBA] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128] [PID.3416][MD5.043E2C2382D21C3353F4E06BE5276D30] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [444840] [PID.3708][MD5.3CFB25DB09EB90FD2BD4C89D75611E6D] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904] [PID.3832][MD5.656C249A1E6EA7ADB38632E434B62F81] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [22040168] [PID.3076][MD5.47D1F0444CE33A0CA42409A88896CD8D] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840] [PID.3348][MD5.A7C69E9E571BC406BD9D39728E2122B2] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408] [PID.4652][MD5.FFB8CB731D62EC434A552680E0F8EC1A] - (.AVAST Software - avast! Antivirus.) 
-- C:\Program Files\Alwil Software\Avast5\avastui.exe [5226600] [PID.4932][MD5.50EE17A8C40685C98E3CE23875FFFB32] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [297384] [PID.6028][MD5.7242EACF658008D1C6C3EE07C9FB755F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8137728] [PID.3592][MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1316][MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1716][MD5.77C15D7E8F002A173EEBFF0B20CD697D] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [34872] [PID.1976][MD5.7550D101BF49FDB1F92666A233EE36C4] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1072][MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2204][MD5.CB8C1CC4F46FBAC78150754D77460C73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe [230792] [PID.2404][MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2744][MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.1920][MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) 
-- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760] [PID.6016]~ Processes Running: Scanned in 00mn 25s---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)C:\Users\sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences---\\ Liste des dossiers d'extension Google Chrome~ Google Lines Browser: 0 Legitimates Filtered in 00mn 15s---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr~ IE Browser: 21 Legitimates Filtered in 00mn 00s---\\ Internet Explorer, Proxy Management (R5)R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> =>Hijacker.ProxyR5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no keyR5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll~ Proxy management: Scanned in 00mn 00s---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programsF2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,F2 - REG:system.ini: Shell=C:\Windows\explorer.exeF2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe~ Keys: Scanned in 00mn 00s---\\ Hosts file redirection (O1)~ Le fichier hôte est sain (The hosts file is clean) (21)~ Hosts File: Scanned in 00mn 00s---\\ Internet Explorer Toolbars (O3)O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orphelineO3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) 
-- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllO3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orphelineO3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline~ Toolbar: Scanned in 00mn 00s---\\ Applications lancées au démarrage du système (O4)O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor CorpO4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe O4 - HKCU\..\Run: [HPAdvisorDock] . (.Pas de propriétaire - HP Advisor Dock.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) 
-- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [7EA7131046BEB30E003D3669CB87ED64E1998E2C._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B7E96BF0F8F61B53C1E826A9EEED1C31] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems IncorporatedO4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft CorporationO4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft CorporationO4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) 
-- C:\Windows\System32\mctadmin.exe =>.Microsoft CorporationO4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft CorporationO4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [HPAdvisorDock] . (.Pas de propriétaire - HP Advisor Dock.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [7EA7131046BEB30E003D3669CB87ED64E1998E2C._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.O4 - HKUS\S-1-5-21-1504353344-1021107580-1741017511-1000\..\Run: [GoogleChromeAutoLaunch_B7E96BF0F8F61B53C1E826A9EEED1C31] . (.Google Inc. - Google Chrome.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ~ Application: Scanned in 00mn 04s---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico~ IE Extra Buttons: Scanned in 00mn 00s---\\ Modification Domaine/Adresses DNS (O17)O17 - HKLM\System\CCS\Services\Tcpip\..\{9141C3C5-5BC4-4AD3-94C0-A20D10715725}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CS1\Services\Tcpip\..\{9141C3C5-5BC4-4AD3-94C0-A20D10715725}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CS2\Services\Tcpip\..\{9141C3C5-5BC4-4AD3-94C0-A20D10715725}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1~ Domain: Scanned in 00mn 00s---\\ Protocole additionnel (O18)O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation~ Protocole Additionnel: Scanned in 00mn 00s---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll~ Winlogon: Scanned in 00mn 00s---\\ Tâches planifiées en automatique (O39)[MD5.00000000000000000000000000000000] [APT] [Test TimeTrigger] (...) -- C:\Users\sabine\AppData\Local\Temp\Runner.exe (.not file.) [0][MD5.00000000000000000000000000000000] [APT] [{1875F28D-D051-46D9-9ACE-91F2E150462A}] (...) -- C:\Users\sabine\Pictures\Mes images\MagicDesktopSetup.exe (.not file.) 
[0][MD5.876B1FD3D809AA5D7C5531F7EACAC2F0] [APT] [{4F54FD18-28A3-4C00-9252-D6E585B17502}] (...) -- C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe [121256]O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504353344-1021107580-1741017511-1000Core [1078]O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1504353344-1021107580-1741017511-1000UA [1100]O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForSABINE-HP$ [346]O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\HPCeeScheduleForSABINE-HP$ [346] - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForsabine [336]~ Scheduled Task: 31 Legitimates Filtered in 00mn 19s---\\ Logiciels installés (O42)O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {5C083736-2916-4D06-BCE9-4F981EA53AEC}O42 - Logiciel: IncrediMail 2.5 - (.IncrediMail Ltd..) 
[HKLM][64Bits] -- IncrediMail~ Logic: 40 Legitimates Filtered in 00mn 01s---\\ HKCU & HKLM Software Keys[HKCU\Software\CC][HKCU\Software\IncrediMail][HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp~ Key Software: 313 Legitimates Filtered in 00mn 01s---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)O43 - CFD: 14/06/2012 - 11:51:28 - [0] ----D C:\Program Files (x86)\GUM6317.tmpO43 - CFD: 02/04/2011 - 09:27:48 - [] ----D C:\Program Files (x86)\IncrediMailO43 - CFD: 12/04/2013 - 06:04:27 - [] ----D C:\ProgramData\boost_interprocessO43 - CFD: 04/02/2011 - 21:46:25 - [] ----D C:\ProgramData\IMO43 - CFD: 04/02/2011 - 21:45:40 - [] ----D C:\ProgramData\IncrediMailO43 - CFD: 28/01/2014 - 19:28:45 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}O43 - CFD: 07/12/2010 - 22:19:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy StarO43 - CFD: 04/12/2014 - 09:32:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMailO43 - CFD: 29/11/2011 - 21:52:39 - [] ----D C:\Users\sabine\AppData\Roaming\A la lucarneO43 - CFD: 14/11/2014 - 13:36:30 - [] -SH-D C:\Users\sabine\AppData\Local\EmieBrowserModeListO43 - CFD: 24/12/2012 - 07:48:47 - [0] ----D C:\Users\sabine\AppData\Local\ibO43 - CFD: 10/02/2011 - 09:08:06 - [] ----D C:\Users\sabine\AppData\Local\IMO43 - CFD: 30/11/2014 - 09:17:13 - [0] ----D C:\Users\sabine\AppData\Local\Publish it~ 2009 Dossier CLSID vide (CLSID Empty Folder)~ Program Folder: 2292 Legitimates Filtered in 00mn 53s---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll~ ShellExecuteHooks: Scanned in 00mn 00s---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)O51 - MPSK:{35e5b013-9c53-11e2-bc2a-bf0274325096}\AutoRun\command. (...) 
-- F:\USBAutoRun.exe (.not file.)~ Keys: Scanned in 00mn 00s---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0O55 - MWPS:[HKCU\...\Policies\System] - "Shell"=0~ MWPS: 22 Legitimates Filtered in 00mn 00s---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s---\\ Liste des pilotes du système (SDL) (O58)O58 - SDL:13/11/2014 - 11:27:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL SoftwareO58 - SDL:13/11/2014 - 11:27:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL SoftwareO58 - SDL:13/11/2014 - 11:27:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL SoftwareO58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]O58 - SDL:15/10/2011 - 15:05:10 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [2516]~ Drivers: 94 Legitimates Filtered in 00mn 08s---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)O61 - LFC: 30/11/2014 - 08:08:45 ---A- . (...) 
-- C:\Users\sabine\AppData\Local\Google\Chrome\User Dataacl_validation_cache.bin [380]~ 821 Fichiers temporaires (Temporary files)~ 24 Fichiers cookies (Cookies files)~ Files: 5 Legitimates Filtered in 00mn 42s---\\ Liste des outils de désinfection (LATC) (O63)O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman~ ADS: Scanned in 00mn 00s---\\ Liste les services legacy du registre (LALS) (O64)O64 - Services: CurCS - 13/11/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID~ Legacy: 85 Legitimates Filtered in 00mn 00s---\\ Associations Shell Spawning (O67)O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)~ FASS Keys: 11 Legitimates Filtered in 00mn 00s---\\ Menu de démarrage Internet (SMI) (O68)O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exeO68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe~ Keys: Scanned in 00mn 00s---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.comO69 - SBI: SearchScopes [HKCU] {380B3E96-1301-4EAC-B077-CDC589804CE3} - (Wikipedia) - http://fr.wikipedia.orgO69 - SBI: SearchScopes [HKCU] {65B8D17F-FE34-489C-82D6-FDC1AFA4696D} [DefaultScope] - (Yahoo) - http://fr.search.yahoo.comO69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.frO69 - SBI: SearchScopes [HKCU] {6DA6C718-D42A-4085-90DA-9304781E6706} - (Bing) - http://www.bing.comO69 - SBI: SearchScopes [HKUS\.DEFAULT] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} - (DnsBasic) - http://www.dnsbasic.com =>PUP.ZwangiO69 - SBI: SearchScopes [HKUS\S-1-5-18] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} - (DnsBasic) - http://www.dnsbasic.com =>PUP.Zwangi~ Keys: Scanned in 00mn 00s---\\ Recherche particulière à la racine du système (SPRF) (O84)[MD5.B68F4650184AE3C121EADFF50EFC7276] [SPRF][15/09/2009] (.Google, Inc. - Photo Uploader.) -- C:\Windows\Downloaded Program Files\UploaderX.dll [1001032]~ Files: 4 Legitimates Filtered in 00mn 00s---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)SS - | Demand 26/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeSS - | Demand 04/04/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exeSS - | Auto 22/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 22/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 11/08/2012 194032 | (gusvc) . (.Google.) 
- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeSS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exeSR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exeSR - | Auto 13/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeSR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software ASSR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard CoSR - | Auto 18/06/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exeSR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeSR - | Auto 15/02/2012 34872 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeSR - | Auto 19/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeSR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exeSR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft CorporationSR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe~ Services: Scanned in 00mn 16s---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)Run by sabine at 07/12/2014 08:11:40~ OS 64 not supported by MBR tool~ MBR: 0 Legitimates Filtered in 00mn 00s---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)Written by ad13, http://ad13.geekstogRun by sabine at 07/12/2014 08:11:42********* Dump file Name *********C:\PhysicalDisk0_MBR.bin~ MBR: Scanned in 00mn 02s---\\ Scan Additionnel (O88)Database Version : 13026 - (04/12/2014)Clés trouvées (Keys found) : 0Valeurs trouvées (Values found) : 0Dossiers trouvés (Folders found) : 0Fichiers trouvés (Files found) : 1[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^~ Additionnel Scan: 331382 Items scanned in 00mn 33s---\\ Informations complémentaires sur les modules~ http://nicolascoolman.fr/r5-internet-ex ... ment-iepm/ =>.Internet Explorer, Proxy Management (R5)~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)~ http://nicolascoolman.fr/o4-application ... -registre/ =>.Applications lancées au démarrage du système (O4)~ http://nicolascoolman.fr/o51-mountpoint ... -key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)~ AMI: 4 Legitimates Filtered in 00mn 00s---\\ Récapitulatif des détections trouvées sur votre stationhttp://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxyhttp://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUphttp://nicolascoolman.fr/pup-zwangi =>PUP.Zwangi~ MSI: 3 link(s) detected in 00mn 00s~ 2935 Legitimates filtered by white listEnd of the scan (467 lines in 09mn 43s)(0)
Last edited by raymond sabine on 09 Dec 2014, 08:40; edited 1 time.