~ Rapport de ZHPDiag v2013.11.4.4 - Nicolas Coolman (04/11/2013)
~ Lancé par Léa (05/11/2013 23:33:13)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 4JMQ6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6035 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 451 GB (67%) free of 671 GB

---\\ Mode de connexion au système
~ Computer Name: HOME
~ User Name: Léa
~ All Users Names: Léa, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Léa\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Léa\AppData\Roaming\
~ %Desktop% : C:\Users\Léa\Desktop\
~ %Favorites% : C:\Users\Léa\Favorites\
~ %LocalAppData% : C:\Users\Léa\AppData\Local\
~ %StartMenu% : C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Start Menu\
~
%Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 451 Go of 671 Go) D: CD-ROM drive (Not Inserted) F: CD-ROM drive (Free 0 Go of 1 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) 
-- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) 
-- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/2473 ~ Mes musiques (My Musics) : 1/280 ~ Mes Videos (My Videos) : 1/174 ~ Mes Favoris (My Favorites) : 1/6 ~ Mes Documents (My Documents) : 2/48 ~ Mon Bureau (My Desktop) : 3/1646 ~ Menu demarrer (Programs) : 1/48 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.FDB491D7E5F9DAD4B05AA4ED01602CC1] - (.Samsung Electronics CO., LTD. - Settings.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2623096] [PID.6460] [MD5.61656290AEFD0E925E91AB02442C4DBB] - (.Samsung Electronics CO., LTD. - SW Update Agent.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883192] [PID.9232] [MD5.177E24726F38D24B10532D7DDEE0DCC7] - (...) -- C:\Users\Léa\AppData\Roaming\cacaoweb\cacaoweb.exe [454656] [PID.6832] =>PUP.CacaoWeb [MD5.8CFAFCD10B661D5770A32111EB4CD266] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528] [PID.740] [MD5.AE29724E282EDBE7D0F49E9982642EFD] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392] [PID.9704] [MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.9460] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.692] [MD5.BF739971EC9B05DAFEC793767B632BA9] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.10160] [MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) 
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.2176] [MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.9500] [MD5.92F0C2F900FA70F2B614FEDCD59832DA] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736] [PID.3664] [MD5.FA527B20A81462B981F8E3D030E9739A] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroTray.exe [3477640] [PID.5484] [MD5.8E331DBFB86B682696ED16D90EC1F11F] - (.Spotify Ltd - Spotify.) -- C:\Users\Léa\AppData\Roaming\Spotify\spotify.exe [4752384] [PID.6196] [MD5.B748868FAA897E85414BF1588ADFC04C] - (...) -- C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [521216] [PID.9712] [MD5.89BECCA60E9A652934D65EDB72A438A4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8174080] [PID.2612] [MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\windows\syswow64\wwahost.exe [333824] [PID.2804] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://www.google.com G2 - GCE: Preference [User Data\Default] [bfbckhhmjfnmedpakkaaflpnmkamdppf] Fotor Photo Editor v.2.4.0 (Activé) G2 - GCE: Preference [User Data\Default] [bfkpkealncpcbfklpgnggcgjjdkbljop] Ultimate YouTube Downloader v.1.0.3.3 (Activé) =>PUP.Dealio G2 - GCE: Preference [User Data\Default] [ennchkafgbngcmjcbbicbobbdomhmklc] Emma Bridgewater v.2 (Activé) G2 - GCE: Preference [User Data\Default] [iclekbbjgpehabpidkpgnnjmohldmedi] Ajouter \u00E0 Fashiolista ! 
v.1.3.2 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.5.0 (Activé) ~ Google Browser: 38 Legitimates Filtered in 00mn 44s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\QuickLaunch [Léa]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [Léa]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Léa]: BitComet - a BitTorrent Client.lnk . (...) 
-- C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet O4 - GS\TaskBar [Léa]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [Léa]: IrfanView.lnk . (.Irfan Skiljan - IrfanView.) -- C:\Program Files (x86)\IrfanView\i_view32.exe O4 - GS\Program [Léa]: BitComet.lnk . (...) -- C:\Program Files (x86)\BitComet\BitComet.exe (.not file.) =>P2P.BitComet O4 - GS\Program [Léa]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Léa]: IrfanView.lnk . (.Irfan Skiljan - IrfanView.) -- C:\Program Files (x86)\IrfanView\i_view32.exe O4 - GS\Desktop [Léa]: Downloads - Raccourci.lnk . (...) -- C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Libraries\Downloads.library-ms O4 - GS\Desktop [Léa]: IrfanView.lnk . (.Irfan Skiljan - IrfanView.) -- C:\Program Files (x86)\IrfanView\i_view32.exe ~ Global Startup: 52 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe O4 - HKLM\..\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) 
-- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Léa\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Léa\AppData\Roaming\Spotify\spotify.exe O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.) O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) 
-- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [cacaoweb] . (...) -- C:\Users\Léa\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Léa\AppData\Roaming\Spotify\spotify.exe O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.) O4 - HKUS\S-1-5-21-2830974330-3213038589-3334289725-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) 
-- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{8CF71B7A-DE7E-4B15-9F95-37B5A2EBA66F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{F811A574-8392-4A1E-B776-9B8BA0CCDD6F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{8CF71B7A-DE7E-4B15-9F95-37B5A2EBA66F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{F811A574-8392-4A1E-B776-9B8BA0CCDD6F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) 
-- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (vToolbarUpdater15.4.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe ~ Services: 14 Legitimates Filtered in 00mn 05s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{58C12D96-D997-4010-8EFF-D0BF16B9DAB2}] (...) -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (.not file.) [0] =>Hijacker.Eazel ~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s ---\\ Logiciels installés (O42) O42 - Logiciel: BitComet 1.35 64-bit - (.CometNetwork.) 
[HKLM][64Bits] -- BitComet_x64 =>P2P.BitComet ~ Logic: 82 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BitComet] =>P2P.BitComet [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKLM\Software\Airplane] ~ Key Software: 165 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 05/08/2013 - 00:02:02 - [0] ----D C:\Program Files (x86)\myPIX O43 - CFD: 05/11/2013 - 21:08:17 - [10,513] ----D C:\Users\Léa\AppData\Roaming\BitComet =>P2P.BitComet O43 - CFD: 05/11/2013 - 22:51:51 - [403,173] ----D C:\Users\Léa\AppData\Roaming\cacaoweb =>PUP.CacaoWeb ~ Program Folder: 154 Legitimates Filtered in 00mn 09s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.7BDF7481DCDD43EAC6EDB0EBE9906C4B] - 03/11/2013 - 18:33:30 ---A- - C:\Windows\Prefetch\BLUETOOTHCONTROL64.EXE-103C6532.pf O45 - LFCP:[MD5.4391C3023C81E1B2B6A47BEEBE956B8F] - 03/11/2013 - 18:33:32 ---A- - C:\Windows\Prefetch\EASYSETTINGSCMDSERVER.EXE-1B8CA773.pf O45 - LFCP:[MD5.20E47F4876937D1B9559AB9CE71D8D13] - 03/11/2013 - 18:34:02 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-4AA2FF77.pf =>PUP.CacaoWeb O45 - LFCP:[MD5.8626C3D32805DB902CFE7E14B1FA31D7] - 03/11/2013 - 18:37:33 ---A- - C:\Windows\Prefetch\MOBILEAPSET.EXE-2C67F0CE.pf O45 - LFCP:[MD5.383182341E2EC8F9FA30CB6A791789D8] - 03/11/2013 - 19:28:14 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.00A9662FB024F76FFA253353067CCD7D] - 05/11/2013 - 11:42:52 ---A- - C:\Windows\Prefetch\VIDEOSNAPSHOT.EXE-2C8DDE5F.pf O45 - LFCP:[MD5.79100AE2FC8793B4141C4420C09065DB] - 05/11/2013 - 16:12:07 ---A- - C:\Windows\Prefetch\BITCOMET.EXE-7284570E.pf =>P2P.BitComet O45 - LFCP:[MD5.8093DFAC24A94263DAF3BE690289BA71] - 05/11/2013 - 21:05:49 ---A- - C:\Windows\Prefetch\UPNP.EXE-EC88BFD3.pf O45 - LFCP:[MD5.5E3C36E0E1BB1722BB62E44D42B7205D] - 05/11/2013 - 22:54:43 ---A- - C:\Windows\Prefetch\SPOTIFY.EXE-E859AC09.pf O45 - LFCP:[MD5.A5333524CB7A6F693045F6CBDA0EF863] - 
05/11/2013 - 23:33:17 ---A- - C:\Windows\Prefetch\VENDORAPIRUN64.EXE-358606D0.pf O45 - LFCP:[MD5.1A1273ED7B2929CAA0824EF0B01224F4] - 08/10/2013 - 11:12:02 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf O45 - LFCP:[MD5.F669A0DDEA8E12813FFB7310759F284F] - 10/10/2013 - 16:31:56 ---A- - C:\Windows\Prefetch\CLEANUPTXRLOGS.EXE-E3BABE71.pf O45 - LFCP:[MD5.E70774B691A3796FC1A6BCFAA4BBE853] - 13/10/2013 - 16:53:19 ---A- - C:\Windows\Prefetch\SPOTIFY_NEW.EXE-97C29D26.pf O45 - LFCP:[MD5.82F08BA8D119CF43E1AAA11CBB69ABB7] - 23/10/2013 - 13:57:52 ---A- - C:\Windows\Prefetch\VIRTUALDRIVE.EXE-018D4C1C.pf O45 - LFCP:[MD5.EA5DD054DCD491BE7378FE9B28252D8D] - 23/10/2013 - 13:57:59 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf O45 - LFCP:[MD5.820458022A20D890C770989D99FCC3B7] - 31/10/2013 - 11:15:30 ---A- - C:\Windows\Prefetch\CACAONEW5B9E89.EXE-95522201.pf =>PUP.CacaoWeb ~ Prefetcher: 189 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.194ED3C117525613E701FF257882303E] - 27/07/2012 - 13:00:03 ---A- . (.Windows (R) Win 7 DDK provider - HID Radio Switch mini driver for USB Fx2 Device.) 
-- C:\Windows\System32\Drivers\RadioHIDMini.sys [23408] ~ Drivers: 18 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 05/11/2013 - 23:35:26 ---A- . (...) -- C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Local State [47459] O61 - LFC: 05/11/2013 - 23:38:43 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\archive\6ddfa44cd3fac7f45dfe9d9e78147e51874283e1.torrent [7882] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:44 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\BitComet.xml [4167] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:44 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\Downloads.xml [2393] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:44 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\Downloads.xml.bak [2393] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:44 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\archive\fc544b9585bb2f37377e980cb66103af140e55e0.torrent [32090] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:47 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\share\6ddfa44cd3fac7f45dfe9d9e78147e51874283e1.torrent [7882] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:51 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\share\fc544b9585bb2f37377e980cb66103af140e55e0.torrent [32090] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:51 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\torrents\How.I.Met.Your.Mother.S09E08.HDTV.x264-2HD.mp4.torrent [7882] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:51 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\BitComet\torrents\How.I.Met.Your.Mother.S09E08.HDTV.x264-2HD.mp4.xml [102260] =>P2P.BitComet O61 - LFC: 05/11/2013 - 23:38:51 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\cacaoweb\storage.db [845] =>PUP.CacaoWeb O61 - LFC: 05/11/2013 - 23:38:55 ---A- . (...) -- C:\Users\Léa\AppData\Roaming\ZHP\ZHPDiag.txt [14213] =>.Nicolas Coolman O61 - LFC: 05/11/2013 - 23:38:56 ---A- . (...) 
-- C:\Users\Léa\Downloads\0487_001 (1).pdf [43564] O61 - LFC: 05/11/2013 - 23:38:56 ---A- . (...) -- C:\Users\Léa\Downloads\0487_001.pdf [43564] O61 - LFC: 05/11/2013 - 23:38:58 ---A- . (...) -- C:\Users\Léa\Downloads\adwcleaner (1).exe [1073262] O61 - LFC: 05/11/2013 - 23:39:25 ---A- . (...) -- C:\Users\Léa\Downloads\how.i.met.your.mother.the.lighthouse.(2013).fre.1cd.(5257060).zip [16386] O61 - LFC: 05/11/2013 - 23:39:34 ---A- . (...) -- C:\Users\Léa\Downloads\Non confirmé 355508.crdownload [0] O61 - LFC: 05/11/2013 - 23:39:57 ---A- . (...) -- C:\Users\Léa\Downloads\[kickass.to]how.i.met.your.mother.s09e08.hdtv.x264.2hd.eztv.torrent [7882] O61 - LFC: 05/11/2013 - 23:40:00 ---A- . (...) -- C:\Users\Léa\Downloads\[kickass.to]the.walking.dead.s04e04.hdtv.x264.2hd.ettv.torrent [32090] ~ 6 Fichiers temporaires (Temporary files) ~ Files: 810 Legitimates Filtered in 05mn 12s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\AcroPro.msi C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\Setup.exe C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\VC10RT_x64\vc_red.msi C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\WindowsInstaller-KB893803-v2-x86.exe C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\AcroPro.msi C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\Setup.exe C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\VC10RT_x64\vc_red.msi C:\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]\Adobe Acrobat XI\WindowsInstaller-KB893803-v2-x86.exe ~ Files: Scanned in 00mn 34s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{09802C2D-5EB3-4DD8-A446-B66C61F4A6D6}C:\users\léa\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\léa\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{B8A1DF5F-68E0-491C-AD14-943255B43A68}C:\users\léa\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\léa\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb ~ Firewall: 254 Legitimates Filtered in 00mn 01s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 01/08/2012 239616 | (AMD External Events Utility) . (.AMD.) 
- C:\Windows\System32\atiesrxx.exe SR - | Auto 31/10/2012 231040 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe SR - | Demand 28/12/2010 1296728 | (BITCOMET_HELPER_SERVICE) . (.www.BitComet.com.) - C:\Program Files\BitComet\tools\BitCometService.exe =>P2P.BitComet SS - | Demand 17/09/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SR - | Auto 05/09/2012 1593976 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe SS - | Auto 03/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 03/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 18/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 31/07/2013 1616048 | (vToolbarUpdater15.4.0) . (.AVG Secure Search.) 
- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 31/10/2012 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe ~ Services: Scanned in 00mn 33s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Léa at 05/11/2013 23:41:41 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Léa at 05/11/2013 23:41:43 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 12971 - (04/11/2013) Clés trouvées (Keys found) : 15 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 3 [HKLM\Software\Google\Chrome\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop] =>PUP.Dealio^ [HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.4.0] =>Toolbar.AVGSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitComet_x64] =>P2P.BitComet^ [HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKLM\Software\Wow6432Node\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^ C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop =>PUP.Dealio^ C:\Users\Léa\AppData\Roaming\BitComet =>P2P.BitComet^ C:\Users\Léa\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^ C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\Users\Léa\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^ [HKCU\Software\BitComet] =>P2P.BitComet^ C:\Users\Léa\Downloads\cacaoweb.exe =>PUP.CacaoWeb ~ Additionnel Scan: 275504 Items scanned in 00mn 32s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb ~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ MSI: 6 link(s) detected in 00mn 32s ~ 1949 Legitimates filtered by white list End of the scan (497 lines in 09mn 02s)(8)