Rapport ZHPDiag pas bon

[nicoferra]

Bonjour,

J'ai un rapport ZHP Diag pas jolie jolie !

Merci pour votre aide.

Rapport de ZHPDiag v2013.5.8.70 par Nicolas Coolman, Update du 07/05/2013

Run by nico at 09/05/2013 12:36:56

State : Version à jour.

WhiteList : Enable

High Elevated Privileges : OK

UAC : Deactivate by program

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.7601.17514

MFIE: Mozilla Firefox 20.0.1

GCIE: Google Chrome v26.0.1410.64 (Defaut)

 

---\\ Windows Product Information

~ Langage: Français

Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, RETAIL channel

Windows ID Activation : OK

~ Windows Partial Key : K678W

Windows License : OK

~ Windows Remaining Initializations Number : 4

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Protection

Avira Free Antivirus v13.0.0.2678

Windows Defender W7

 

---\\ System Optimizer

 

---\\ Peer To Peer (P2P)

eMule

 

---\\ Software Update

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Français

Java 7 Update 17

 

---\\ System Information

~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3326 MB (62% free)

System Restore: Activé (Enable)

System drive C: has 102 GB (52%) free of 195 GB

 

---\\ Logged in mode

~ Computer Name: FERRARIS-PC

~ User Name: nico

~ All Users Names: Sonos, nico, HomeGroupUser$, Administrateur,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\nico\AppData\Roaming\

~ %Desktop% : C:\Users\nico\Desktop\

~ %Favorites% : C:\Users\nico\Favorites\

~ %LocalAppData% : C:\Users\nico\AppData\Local\

~ %StartMenu% : C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 102 Go of 195 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 71 Go of 401 Go)

E:\ CD-ROM drive (Free 0 Go of 7 Go)

G:\ CD-ROM drive (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Free 9 Go of 15 Go)

 

 

 

---\\ Security Center & Tools Informations

~ Security Center: 34 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.C3D43E21FA49657BC1645E9D745656C6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 05:58:26.) -- C:\Windows\System32\wininet.dll [981504]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]

~ Generic Processes: Scanned in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 1/776

~ Mes musiques (My Musics) : 1/675

~ Mes Videos (My Videos) : 2/8

~ Mes Favoris (My Favorites) : 1/29

~ Mes Documents (My Documents) : 1/506

~ Mon Bureau (My Desktop) : 2/1863

~ Menu demarrer (Programs) : 1/27

~ Hidden Files: Scanned in 00mn 02s

 

 

 

---\\ Processus lancés

[MD5.A74AC411798DA32CFC655A9A9F2EB74A] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.1944] =>Toolbar.Babylon

[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.2572]

[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.2580]

[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.2628]

[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2652]

[MD5.DCBAE6E09552EFFCA9B78B5184D49D12] - (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe [451072] [PID.2660] =>PUP.CacaoWeb

[MD5.9B8B01150C02F965289BD8856757412A] - (.Michel Krämer - Spamihilator.) -- C:\Program Files\Spamihilator\spamihilator.exe [2024960] [PID.2668]

[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.2844]

[MD5.74EF310FAC89341CE2897B7F2C4A7B0F] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [65536] [PID.3016]

[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.1068]

[MD5.899E8C9723A2EEF9D977A86C07561682] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7254016] [PID.8172]

[MD5.8B4D4F514D330759468E35E35299487C] - (.Avira Operations GmbH & Co. KG - Avira Updater remote GUI.) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe [46960] [PID.6316]

[MD5.5FE81700B1C45E6AE9727DFD6EBF8DF7] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [172032] [PID.828]

[MD5.AC6A44D143F5B5089A5404EAE2C0A508] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [360448] [PID.1212]

[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1472]

[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1696]

[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1720]

[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1856]

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.548]

[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3432]

[MD5.E8A39D41474BE42FD8830CED32932D6C] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553440] [PID.3508]

[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4948]

[MD5.136044F7DB2FFA66F88994E4CF48479F] - (.Avira Operations GmbH & Co. KG - Avira Updater.) -- C:\Program Files\Avira\AntiVir Desktop\update.exe [600288] [PID.6228]

~ Processes Running: Scanned in 00mn 00s

 

 

 

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\nico\AppData\Local\Google\Chrome\User Data\Default\Preferences

G0 - GCSP: Preference [user Data\Default][HomePage] Delta Search =>Toolbar.DeltaSearch

G0 - GCSP: Preference [user Data\Default] Delta Search =>Toolbar.DeltaSearch

G2 - GCE: Preference [user Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.2 (Désactivé)

G2 - GCE: Preference [user Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.5 (Désactivé)

G2 - GCE: Preference [user Data\Default] [pgafcinpmmpklohkojmllohdhomoefph] BrowserProtect v.1.0 (Désactivé) =>Toolbar.Babylon

~ Google Browser: 11 Legitimates Filtered in 00mn 10s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\prefs.js

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\user.js

M3 - MFPP: Plugins - [nico] -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\searchplugins\babylon.xml =>Toolbar.Babylon

M3 - MFPP: Plugins - [nico] -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\searchplugins\delta.xml

M3 - MFPP: Plugins - [nico] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon

M0 - MFSP: prefs.js [nico - 95ts5mqw.default-1347390472428]

M2 - MFEP: prefs.js [nico - 95ts5mqw.default-1347390472428\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.30 (..) =>PUP.CacaoWeb

M2 - MFEP: prefs.js [nico - 95ts5mqw.default-1347390472428\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)

~ Firefox Browser: 63 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search =>Toolbar.DeltaSearch

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pucuy.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = Delta Search =>Toolbar.DeltaSearch

~ IE Browser: 9 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

 

 

 

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll =>Toolbar.DeltaSearch

~ BHO: 7 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll =>Toolbar.DeltaSearch

~ Toolbar: Scanned in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-21-2526033556-873220062-2426088063-1005\..\Run: [cacaoweb] . (...) -- C:\Users\nico\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb

~ Application: Scanned in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\TaskBar: OUTLOOK.EXE.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe

O4 - GS\TaskBar: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe

O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: Démarrer Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe

O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: Samsung PC Studio 3.lnk . (...) -- C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe

O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe

O4 - Global Startup: C:\Users\nico\Desktop\Dictionnaire des accords de guitare - Copie (2).URL . (...) -- C:\Users\nico\Desktop\Dictionnaire des accords de guitare - Copie (2).URL

O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\nico\Downloads

~ Global Startup: Scanned in 00mn 00s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO

~ IE Extra Buttons: Scanned in 00mn 00s

 

 

 

---\\ Internet Explorer Plugins (O12)

O12 - Plugin for .mu3 .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mus .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mxl .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .mya .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .myr .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .myt .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

O12 - Plugin for .xmz .(.Myriad Software. - Myriad music plug-in.) -- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll

~ IE Extra Buttons: 7 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)

O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com

O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com

O15 - Trusted Zone: [HKLM\...\Domains] *.canalplay.com

O15 - Trusted Zone: [HKLM\...\Domains] *.canalplusactive.com

~ IE Zone Confiance: Scanned in 00mn 00s

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

~ Objets ActiveX: Scanned in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{502A2182-9A11-4C17-8483-C7D7F0E340EC}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

~ Domain: Scanned in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll

~ Protocole Additionnel: Scanned in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon

~ AppInit DLL: Scanned in 00mn 00s

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon

~ Services: 6 Legitimates Filtered in 00mn 18s

 

 

 

---\\ Tâches planifiées en automatique (O39)

[MD5.7F91A8D7192B1664D4C4B19996ED8281] [APT] [Test TimeTrigger] (...) -- C:\Users\nico\AppData\Local\Temp\Runner.exe [40587]

[MD5.00000000000000000000000000000000] [APT] [{D70097E3-297F-4AAC-9B1F-A62BB0DA6779}] (...) -- E:\setup.exe (.not file.) [0]

~ Scheduled Task: 17 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon

O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta

~ Logic: 88 Legitimates Filtered in 00mn 00s

 

 

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon

[HKCU\Software\DataMngr] =>PUP.Datamngr

[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr

[HKCU\Software\Delta]

[HKCU\Software\OfferBox] =>PUP.OfferBox

[HKCU\Software\cacaoweb] =>PUP.CacaoWeb

[HKCU\Software\delta LTD]

[HKCU\Software\f53df8ce63bbd14]

[HKLM\Software\Babylon] =>Toolbar.Babylon

[HKLM\Software\DataMngr] =>PUP.Datamngr

[HKLM\Software\Delta]

[HKLM\Software\OfferBox] =>PUP.OfferBox

[HKLM\Software\f53df8ce63bbd14]

~ Key Software: 226 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 09/04/2013 - 20:03:11 - [2,786] ----D C:\Program Files\Delta

O43 - CFD: 09/04/2013 - 20:02:42 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon

O43 - CFD: 09/04/2013 - 20:03:29 - [8,210] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon

O43 - CFD: 09/04/2013 - 20:02:42 - [0,008] ----D C:\Users\nico\AppData\Roaming\Babylon =>Toolbar.Babylon

O43 - CFD: 09/05/2013 - 11:39:44 - [334,174] ----D C:\Users\nico\AppData\Roaming\cacaoweb =>PUP.CacaoWeb

O43 - CFD: 09/04/2013 - 20:03:10 - [0,259] ----D C:\Users\nico\AppData\Roaming\Delta

O43 - CFD: 10/04/2013 - 08:19:57 - [0,449] ----D C:\Users\nico\AppData\Roaming\OfferBox =>PUP.OfferBox

O43 - CFD: 02/04/2013 - 18:59:59 - [0] ----D C:\Users\nico\AppData\Local\Savings Wave =>PUP.CrossRider

O43 - CFD: 09/04/2013 - 20:03:32 - [0,001] ----D C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon

~ Program Folder: 223 Legitimates Filtered in 00mn 03s

 

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/05/2013 - 11:20:12 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]

~ Files: 10 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:[MD5.0A57DCD73C232A7D82069FBF9745D260] - 03/05/2013 - 19:49:23 ---A- - C:\Windows\Prefetch\A57B.TMP-C1279D47.pf

O45 - LFCP:[MD5.063D7EE8AB1F02DE9ED222DEC3BB1781] - 04/05/2013 - 07:53:40 ---A- - C:\Windows\Prefetch\MSOHELP.EXE-DF0446AB.pf

O45 - LFCP:[MD5.AAEB1963D26762EBECA4476C5EE65732] - 04/05/2013 - 20:46:04 ---A- - C:\Windows\Prefetch\8C95.TMP-12E07611.pf

O45 - LFCP:[MD5.4E26F0D0C4A22C7535809FD73DF9FA1C] - 05/05/2013 - 21:31:55 ---A- - C:\Windows\Prefetch\4AB8.TMP-815538A7.pf

O45 - LFCP:[MD5.5AE879F92F88C0BFA2FF4CCE21D77DCE] - 08/05/2013 - 12:31:52 ---A- - C:\Windows\Prefetch\DC59.TMP-DA27784D.pf

O45 - LFCP:[MD5.66F9E3E854370D9A84225FB0B77C6B9D] - 09/05/2013 - 11:09:39 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-9BC18116.pf =>Toolbar.Babylon

~ Prefetcher: 113 Legitimates Filtered in 00mn 00s

 

 

 

---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{2ed8a8e3-e1f7-11e1-9f8e-0024215c5470}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{6e04f40d-b8f2-11de-9981-0024215c5470}\AutoRun\command. (...) -- H:\LaunchU3.exe (.not file.)

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 20 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Drivers: Scanned in 00mn 00s

 

 

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 06/05/2013 - 03:12:47 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingD06213DE59171D14D34CCC95AE8B4437.cacao [74281341] =>PUP.CacaoWeb

O61 - LFC: 06/05/2013 - 03:23:23 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingF5CD7100E32A268DE6FE88702054F471.cacao [130729278] =>PUP.CacaoWeb

O61 - LFC: 06/05/2013 - 05:14:01 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingC6BDE46BE47694C08F11B6FC2FC3AF00.cacao [117156978] =>PUP.CacaoWeb

O61 - LFC: 06/05/2013 - 06:12:33 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingE23252D0A80B35736B48FFA9F1DB97E0.cacao [103917305] =>PUP.CacaoWeb

O61 - LFC: 06/05/2013 - 07:39:49 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating510A9C7CA9089B1EE44D85E552136A80.cacao [353954895] =>PUP.CacaoWeb

O61 - LFC: 06/05/2013 - 08:27:18 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating30E52FBCA31E940074004BBA744555A2.cacao [510089724] =>PUP.CacaoWeb

O61 - LFC: 08/05/2013 - 05:18:40 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingDE7FB3F49135356057B83438755ADA27.cacao [116907785] =>PUP.CacaoWeb

O61 - LFC: 08/05/2013 - 07:08:04 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicating160B4F026B651524664125481FA5DA39.cacao [194226258] =>PUP.CacaoWeb

O61 - LFC: 08/05/2013 - 07:56:19 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingA04DEAEA1A4F2AA9CEBA51D3AC286793.cacao [584025513] =>PUP.CacaoWeb

O61 - LFC: 09/05/2013 - 00:45:40 ---A- C:\Users\nico\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269830]

O61 - LFC: 09/05/2013 - 06:42:18 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\replicatingE4ACAD2A4469651B60AC78B0403DCE5E.cacao [47196] =>PUP.CacaoWeb

O61 - LFC: 09/05/2013 - 11:20:27 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\npdfile.dat [202] =>PUP.CacaoWeb

O61 - LFC: 09/05/2013 - 11:34:55 ---A- C:\Users\nico\AppData\Local\Google\Chrome\User Data\Local State [41941]

O61 - LFC: 09/05/2013 - 11:37:52 ---A- C:\Users\nico\AppData\Roaming\cacaoweb\storage.db [5447] =>PUP.CacaoWeb

~ 3 Fichiers temporaires (Temporary files)

~ Files: 216 Legitimates Filtered in 00mn 19s

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (...) -- undll32.exe

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (...) -- undll32.exe

~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("avg.install.userHPSettings", "");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("avg.install.userSPSettings", "");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.admin", false);

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.aflt", "babsst");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.autoRvrt", "false");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.bbDpng", "9");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.cntry", "FR");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.dfltLng", "en");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.excTlbr", false);

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.ffxUnstlRst", true);

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.hdrMd5", "F9C9D631245A57D4F679C8DAD6DF2309");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.id", "de1eb7ae0000000000000024215c5470");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.instlDay", "15804");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.instlRef", "sst");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.lastVrsnTs", "1.8.16.1620:03:12");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.newTab", false);

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.prdct", "delta");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.prtnrId", "delta");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.rvrt", "false");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.sg", "azb");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.smplGrp", "azb");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.tlbrId", "base");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.tlbrSrchUrl", "");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsn", "1.8.16.16");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsni", "1.8.16.16");

O69 - SBI: prefs.js [nico - 95ts5mqw.default-1347390472428] user_pref("extensions.delta.vrsnTs", "1.8.16.1620:03:12");

O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - pucuy.com

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - Delta Search =>Toolbar.DeltaSearch

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {79DB772F-1A45-42EB-8C7F-A6ACFC7BE21F} - (Yahoo! Search) - Yahoo! Search - Recherche Web

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.44C9E30CD65C7E829BEBEF40A0609108] [sPRF][09/04/2013] (.Aedge Performance BCN SL - OfferBox setup.) -- C:\Users\nico\AppData\Local\Temp\OB.exe [3435912] =>PUP.OfferBox

[MD5.7F91A8D7192B1664D4C4B19996ED8281] [sPRF][02/11/2012] (...) -- C:\Users\nico\AppData\Local\Temp\Runner.exe [40587]

[MD5.8A0F4351919BC63848CEFA14F0115B10] [sPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\nico\AppData\Local\Temp\uninst1.exe [394312] =>Toolbar.Babylon

[MD5.5B2DA96D90C95228239806D40B720BD2] [sPRF][13/03/2008] (...) -- C:\Users\nico\AppData\Local\Temp\VP6.reg [340]

[MD5.C88C0C118CBEDD5C9D9227A5E39C6BBF] [sPRF][13/03/2008] (...) -- C:\Users\nico\AppData\Local\Temp\VP6Install.exe [26176]

[MD5.EC96E3D04A2CFEFA37E95A03C87EA284] [sPRF][13/03/2008] (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Users\nico\AppData\Local\Temp\VP6VFW.dll [445504]

[MD5.0BFA8EF43FFA27D7A5A3E15216795A25] [sPRF][13/01/2013] (...) -- C:\Users\nico\Desktop\MorphVOXJunior_Install-1.exe [2889608]

~ Files: Scanned in 00mn 00s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb

O87 - FAEL: "UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb

~ Firewall: 250 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : v2.11971 - (07/05/2013)

Clés trouvées (Keys found) : 59

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 8

Fichiers trouvés (Files found) : 6

 

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon

[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep

[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon

[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods

[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods

[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings

[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon

[HKCU\Software\cacaoweb] =>PUP.CacaoWeb

[HKCU\Software\DataMngr] =>Adware.Bandoo

[HKLM\Software\DataMngr] =>Adware.Bandoo

[HKCU\Software\OfferBox] =>PUP.OfferBox

[HKLM\Software\OfferBox] =>PUP.OfferBox

[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox

[HKLM\Software\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox

[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox

[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods

[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch

[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods

[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods

[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods

[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods

[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods

[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch

[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch

[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch

[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch

[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods

[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods

[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods

[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb

[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon

C:\ProgramData\Babylon =>Toolbar.Babylon

C:\ProgramData\BrowserProtect =>Hijacker.Eazel

C:\Users\nico\AppData\Roaming\Babylon =>Toolbar.Babylon

C:\Users\nico\AppData\Roaming\cacaoweb =>PUP.CacaoWeb

C:\Users\nico\AppData\Roaming\OfferBox =>PUP.OfferBox

C:\Users\nico\AppData\Local\Savings Wave =>PUP.CrossRider

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\Extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\Extensions\ffxtlbr@delta.com =>PUP.Funmoods

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\bprotector_extensions.sqlite =>PUP.BProtector

C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\95ts5mqw.default-1347390472428\bprotector_prefs.js =>PUP.BProtector

C:\Users\nico\AppData\Local\Temp\OB.exe =>PUP.OfferBox

C:\Users\nico\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon

~ Additionnel Scan: 274925 Items scanned in 00mn 30s

 

 

 

---\\ Random Export Key (O91)

[HKCU\Software\f53df8ce63bbd14] =>Toolbar.Babylon^

[HKCU\Software\f53df8ce63bbd14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"

[HKCU\Software\f53df8ce63bbd14]:version="2.6.1125.80"

[HKLM\Software\f53df8ce63bbd14] =>Toolbar.Babylon^

[HKLM\Software\f53df8ce63bbd14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"

[HKLM\Software\f53df8ce63bbd14]:version="2.6.1125.80"

~ Export Key Software: Scanned in 00mn 00s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 22/11/2009 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

SS - | Demand 21/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 23/09/2009 172032 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 28/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 28/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon

SS - | Disabled 30/12/2009 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Disabled 30/12/2009 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

SR - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Disabled 02/05/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Disabled 71096 | (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

SS - | Disabled 19/01/2008 4388192 | (Norton Ghost) . (.Symantec Corporation.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

SS - | Disabled 12/08/2011 932240 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

SS - | Disabled 20/12/2007 1553896 | (SymSnapService) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 00s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by nico at 09/05/2013 12:39:42

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85D431F8]<<

1 ntkrnlpa!IofCallDriver[0x8328CBC5] >> \Device\Harddisk0\DR0[0x86BA1200]

\Driver\atapi[0x86A4EC08] >> IRP_MJ_CREATE >> 0x85D431F8

kernel: MBR read successfully

user & kernel MBR OK

~ MBR: 14 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by nico at 09/05/2013 12:39:44

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

 

 

 

~ 1592 Legitimates filtered by white list

End of the scan (644 lines in 02mn 48s)(0)

[Apollo]

Bonjour,

 

Hébergez ces longs fichiers SVP! (voir ma signature).

 

1) Télécharge AdwCleaner par Xplode: Téléchargements - Outils de Xplode - AdwCleaner

 

Enregistre-le sur le bureau (et pas ailleurs).

 

Afin de ne pas fausser les rapports, ne passer les outils qu'une seule fois svp!

 

 

Si tu es sous XP double clique sur AdwCleaner pour lancer l'outil.

Si tu es sous Vista/Seven, clique droit sur AdwCleaner et choisis exécuter en temps qu'administrateur.

 

Clique sur Suppression et laisse travailler l'outil.

 

Le rapport va s'ouvrir en fichier texte; copie la totalité de son contenu et colle-le dans ta réponse.

 

Le rapport est en outre sauvegardé sous C:\AdwCleaner[s1]

 

NB: Si l'outil "cale" en mode normal, le lancer en mode sans échec: Comment démarrer Windows en mode sans échec : Astuces pour Dépanner Windows XP

 

A lire absolument: Lisez d'abord, cliquez après !!! : Questions sur la Sécurité Windows

http://www.vista-xp.fr/forum/topic10389.html

 

-------------------------

 

2) Télécharge Junkware Removal Tool sur le bureau: Junkware Removal Tool Download

 

Sous XP, double-clique sur l'icône et presse une touche lorsque cela sera demandé.

 

Sous Vista/7/8, clic droit/exécuter en temps qu'administrateur.

 

Afin de ne pas fausser les rapports, ne passer les outils qu'une seule fois svp!

 

 

Si l'antivirus fait des siennes: désactive-le provisoirement. Si tu ne sais pas comment faire, reporte-toi à cet article.

 

Poste le rapport généré à la fin de l'analyse.

 

NB: Le bureau disparaitra un instant, c'est normal.

 

 

 

 

----------------------------

3) Télécharger SFTGC.exe sur le Bureau >>>> il ne peut pas être ailleurs!

 

Sous XP, double cliquer sur le fichier.

Sous les autres versions de Windows, clic droit sur le fichier et choisir Exécuter en tant qu'administrateur.

 

Après l'initialisation, cliquer sur Go pour lancer le nettoyage.

 

Un rapport va s'ouvrir à la fin.

Ce rapport est sur le bureau (SFT.txt)

 

Héberger sur Accueil de Cjoint.com pour ne pas planter le sujet.

 

---------------------------

4) Télécharge Malwarebytes' Anti-Malware (MBAM).

 

Enregistre l'exécutable sur le bureau. Malwarebytes : Téléchargement gratuit anti-malware, antivirus et anti-espion

 

Télécharger Malwarebytes´ Anti-Malware - Logithèque PC Astuces

 

Attention, ne rien installer d'autre que MBAM car il est parfois proposé des trucs inutiles comme Registry Booster ou autres bêtises. A éviter donc.

A la fin de l'installation, décocher la case proposant l'essai de la version Pro.

 

 

 

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

 

Ce logiciel est à garder.

 

Uniquement en cas de problème de mise à jour:

 

Télécharger mises à jour MBAM

 

Exécute le fichier après l'installation de MBAM

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Si MBAM demande à redémarrer le pc, fais-le.

 

Si au redémarrage Windows te dit qu'il a bloqué certains programmes de démarrage, clique sur la bulle puis sur Exécuter les programmes bloqués/Malwarebytes Anti-Malware.

 

@++

[nicoferra]

Merci pour ton aide Apollo,

 

Voici les rapports dans l'ordre demandé :

© CJoint.com, 2012

© CJoint.com, 2012

© CJoint.com, 2012

© CJoint.com, 2012

[Apollo]

Re,

 

Bon travail.

 

3792 éléments supprimés => 1.17 Go libérés. (23 s)

 

SFTG a aéré un peu de disque dur

 

---------

Comment va la machine?

 

Fais ces vérifications de sécurité stp:

 

Apollo Et Compagnie :: A vérifier de temps en temps, important!

 

Le PSI de Secunia est pratique pour connaître les failles dans diverses applications.

 

En français depuis la version 3.0. Très simple d'utilisation.

 

---------------------------

Fais ensuite un nouveau ZHPDiag dont tu voudras bien héberger le rapport stp.

 

@++

[nicoferra]

Voici le dernier rapport :

© CJoint.com, 2012

 

Apparemment j'ai toujours des malwares d'après ZEB HELP PROCESS

[Apollo]

C'est justement pour vérifier que j'ai demander le nouveau ZHPDiag.

 

ZHPFix :

 

• Ferme toutes les applications ouvertes
   
  
• Double-clique sur ZHPFix, raccourci installé par ZHPDiag sur le Bureau
  Important:
  Sous Vista et Windows 7/8 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur.
   
  
• Copie les lignes ci-dessous dans la fenêtre

 

O4 - HKCU\..\Run: [sDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (.not file.)

O4 - HKUS\S-1-5-21-2526033556-873220062-2426088063-1005\..\Run: [sDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (.not file.)

O4 - GS\Desktop: Check for Updates.lnk . (...) -- C:\Program Files\FilesFrog Update Checker\update_checker.exe (.not file.)

[HKCU\Software\BI]

O43 - CFD: 02/04/2013 - 18:59:59 - [0] ----D C:\Users\nico\AppData\Local\Savings Wave

[MD5.44C9E30CD65C7E829BEBEF40A0609108] [sPRF][09/04/2013] (.Aedge Performance BCN SL - OfferBox setup.) -- C:\Users\nico\AppData\Local\Temp\OB.exe [3435912]

[MD5.8A0F4351919BC63848CEFA14F0115B10] [sPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\nico\AppData\Local\Temp\uninst1.exe [394312]

[MD5.7810AB1CF04E012469C141ABC693D3A7] [sPRF][09/05/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\nico\AppData\Local\Temp\UpdateCheckerSetup.exe [295440]

O87 - FAEL: "TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)

O87 - FAEL: "UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)

[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32]

[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:SDP

C:\Users\nico\AppData\Local\Bundled software uninstaller

C:\Users\nico\AppData\Local\Savings Wave

C:\Users\nico\AppData\Local\Temp\OB.exe

C:\Users\nico\AppData\Local\Temp\uninst1.exe

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.0

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.1

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.2

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.3

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.4

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.5

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.6

C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.7

C:\Users\nico\AppData\Local\Temp\UpdateCheckerSetup.exe

firewallraz

emptytemp

emptyflash

 

• Le script doit automatiquement apparaitre dans ZHPFix, sinon, colle-le. (avec le bouton "coller le presse-papier)
   
  Clique sur le bouton GO pour lancer le nettoyage

 

• Valide par Oui la désinstallation des programmes si demandé
   
  
• Laisse l'outil travailler. Si un redémarrage est demandé, accepte et redémarre le PC
   
  
• Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.
  Le rapport ZHPFixReport.txt est enregistré sous C:\ZHP\ZHPFix.txt

 

Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide.

 

--------------------------------

@++

[nicoferra]

Le rapport ZHPFIx :

Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-09-05-2013-23-58-05.txt

Run by nico at 09/05/2013 23:58:04

High Elevated Privileges : OK

Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

 

Corbeille vidée

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\OB.exe

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\uninst1.exe

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\UpdateCheckerSetup.exe

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.0

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.1

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.2

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.3

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.4

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.5

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.6

SUPPRIME Memory Process: C:\Users\nico\AppData\Local\Temp\bundlesweetimsetup.exe.7

 

========== Clé(s) du Registre ==========

SUPPRIME Key: HKCU\Software\BI

SUPPRIME Key: HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32

SUPPRIME Key: HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS

SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

 

========== Valeur(s) du Registre ==========

SUPPRIME RunValue: SDP

ABSENT RunValue: SDP

ABSENT TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:/users/nico/appdata/roaming/cacaoweb/cacaoweb.exe

ABSENT UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:/users/nico/appdata/roaming/cacaoweb/cacaoweb.exe

ABSENT [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:SDP

ABSENT Valeur Standard Profile: FirewallRaz :

ABSENT Valeur Domain Profile: FirewallRaz :

SUPPRIME FirewallRaz (Private) : TCP Query User{B2DC5203-1FA9-4827-A767-F13DB79F29E4}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe

SUPPRIME FirewallRaz (Private) : UDP Query User{2BA3A5DF-058A-4E1B-8894-E4EDC28D4F43}C:\users\nico\appdata\roaming\cacaoweb\cacaoweb.exe

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Users\nico\AppData\Local\Savings Wave

SUPPRIME Folder: c:\users\nico\appdata\local\bundled software uninstaller

SUPPRIME Temporaires Windows

SUPPRIME Flash Cookies

 

========== Fichier(s) ==========

ABSENT File: c:\program files\filesfrog update checker\update_checker.exe

SUPPRIME File: c:\users\nico\desktop\check for updates.lnk

SUPPRIME File*: c:\users\nico\appdata\local\temp\ob.exe

SUPPRIME File*: c:\users\nico\appdata\local\temp\uninst1.exe

SUPPRIME File*: c:\users\nico\appdata\local\temp\updatecheckersetup.exe

ABSENT Folder/File: c:\users\nico\appdata\local\savings wave

ABSENT Folder/File: c:\users\nico\appdata\local\temp\ob.exe

ABSENT Folder/File: c:\users\nico\appdata\local\temp\uninst1.exe

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.0

SUPPRIME File*: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.1

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.2

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.3

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.4

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.5

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.6

SUPPRIME File: c:\users\nico\appdata\local\temp\bundlesweetimsetup.exe.7

ABSENT Folder/File: c:\users\nico\appdata\local\temp\updatecheckersetup.exe

SUPPRIME Temporaires Windows

SUPPRIME Flash Cookies

 

 

========== Récapitulatif ==========

11 : Processus mémoire

4 : Clé(s) du Registre

9 : Valeur(s) du Registre

4 : Dossier(s)

19 : Fichier(s)

 

 

End of clean in 00mn 05s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 02/04/2013 18:01:09 [7240]

C:\ZHP\ZHPFix[R2].txt - 09/05/2013 23:58:05 [4031]

[Apollo]

Bonjour,

 

Si tout est ok,

 

Désinstaller les outils spéciaux.

 

Télécharge DelFix sur ton bureau. Téléchargements - Outils de Xplode - DelFix

Lance-le et appuie sur le bouton "Supprimer les outils de désinfection". >> Exécuter.

 

NB, tu peux également cocher la case "Purger la restauration système", un nouveau point sera automatiquement créé. Conseillé quand le pc est désinfecté.

 

 

Delfix s'auto-détruira ensuite.

 

++