by grom2
#195486
Hello everyone, delighted to discover this forum and above all the dedication of its members, impressive..

Let's get straight to the "serious" business.
My machine has slowed down considerably after visiting a site offering a Wi-Fi key decrypter.
Avast kicked in, but it has been sluggish ever since all the same.

The ZHPDiag report:
~ Rapport de ZHPDiag v2014.8.13.118 - Nicolas Coolman (13/08/2014)
~ Lancé par Antoine (14/08/2014 23:29:51)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 2.0.2.1012
Spybot - Search & Destroy v2.1.21
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.09

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4072 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 27 GB (8%) free of 302 GB

---\\ Mode de connexion au système
~ Computer Name: ANTOINE-PC
~ User Name: Antoine
~ All Users Names: HomeGroupUser$, Antoine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Antoine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Antoine\AppData\Roaming\
~ %Desktop% : C:\Users\Antoine\Desktop\
~ %Favorites% : C:\Users\Antoine\Favorites\
~ %LocalAppData% : C:\Users\Antoine\AppData\Local\
~ %StartMenu% : C:\Users\Antoine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 27 Go of 302 Go)
D: Hard drive, Flash drive, Thumb drive (Free 371 Go of 372 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3428
~ Mes musiques (My Musics) : 20/6299
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/323
~ Mon Bureau (My Desktop) : 1/1952
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1300]
[MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1348]
[MD5.563206BA66F0170735096AA74CA0F682] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [166528] [PID.1104]
[MD5.7D2C5F5A9DF7AE26B4E62E2D7032B96B] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [82944] [PID.2100]
[MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.2112]
[MD5.DE3B04D5AF8A1578F5430697546EB157] - (.ASUSTeK Computer Inc. - LiveUpdate.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1545856] [PID.2136]
[MD5.A391896CD406E6377F5CEF31FDC12019] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [155648] [PID.2640]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2796]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.2160]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.2880]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.2884]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2996]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3084]
[MD5.8292C93AA02A0451E243A3CF97878968] - (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe [370480] [PID.3404]
[MD5.7EE22E13DEC8A6D18F4643C1EA34B0F0] - (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400] [PID.4012]
[MD5.79A3B950988F8D2B81906D0C0473158B] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624] [PID.1040]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.2028]
[MD5.FD22B00049F775E952371E9C3DAC631B] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536] [PID.3708]
[MD5.C252C2303FE79F201E64F269FEFF0DDB] - (.cyberlink - brs.) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048] [PID.3868]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3212]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.4232]
[MD5.479321C119B54D7F13A91E16CF7C2E9A] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472] [PID.4392]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.912]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3984]
[MD5.45D9E6C134735854866608931269B43E] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe [145184] [PID.5600]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1424]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.6232]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [135664] [PID.3576]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.6204]
[MD5.6AE8E702D1027A9627DDE2B77BB9992B] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928] [PID.2020]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.4040]
[MD5.D31398D4BB4907B517B6E784C2100C4A] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688] [PID.7148]
[MD5.DC2E338E63159454B71659D82515A04E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.6780]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Antoine\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 20s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Antoine]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Antoine\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Antoine]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Antoine\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [SonicMasterTray] . (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Wow6432Node\Run: [BDRegion] . (.cyberlink - brs.) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-896355638-3571867695-197123161-1000\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC788CF8-93ED-4BFA-96C4-8513C9CACFEC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC788CF8-93ED-4BFA-96C4-8513C9CACFEC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DC788CF8-93ED-4BFA-96C4-8513C9CACFEC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 17 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{829380DC-A78E-4F1B-BC6E-35BA26E5BAB5}] (...) -- C:\Users\Antoine\Desktop\French\Disk1\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-896355638-3571867695-197123161-1000Core [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-896355638-3571867695-197123161-1000UA [1104]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-896355638-3571867695-197123161-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-896355638-3571867695-197123161-1000UA [1086]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\mybestofferstoday] =>PUP.MyBestOffersToday
[HKLM\Software\AdsFix]
[HKLM\Software\Wow6432Node\AdsFix]
~ Key Software: 303 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2014 - 13:51:29 - [] ----D C:\Program Files (x86)\Torrent Privacy
O43 - CFD: 23/12/2013 - 02:36:38 - [] ----D C:\ProgramData\81510444ceabb558
O43 - CFD: 23/12/2013 - 02:34:35 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 22/05/2014 - 13:51:29 - [] ----D C:\Users\Antoine\AppData\Roaming\TorrentPrivacy
O43 - CFD: 14/08/2014 - 23:08:39 - [] ----D C:\Users\Antoine\AppData\Local\30499
~ 6 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 187 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CE86199026291A9CDB754AD4A1B5EE5D] - 05/08/2014 - 21:08:55 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.5E48EDB0CA8F5DF099C5758CB3F466F0] - 10/08/2014 - 13:37:14 ---A- . (...) -- C:\Windows\comsetup.log [756]
O44 - LFC:[MD5.2F895669CF96FAAC91EE9C3AC9879351] - 12/08/2014 - 22:40:10 ---A- . (...) -- C:\AdsFix.txt [4460]
O44 - LFC:[MD5.023DEBD4ADC959EBFF8BAD1EF98CB388] - 14/08/2014 - 22:10:29 ---A- . (...) -- C:\Windows\System32\ServiceFilter.ini [1730]
~ Files: 18 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{366df6b3-0b2b-11e3-91ca-14dae9ad54cc}\AutoRun\command. (...) -- G:\HPLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\Antoine\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [204880] =>.ALWIL Software
O58 - SDL:08/07/2013 - 18:13:50 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:12/04/2011 - 22:18:08 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:01/11/2012 - 19:25:26 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [42248]
O58 - SDL:20/07/2009 - 10:29:40 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:01/11/2012 - 19:31:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [40712]
O58 - SDL:17/04/2010 - 00:07:28 ---A- . (...) -- C:\Windows\System32\Drivers\TurboB.sys [13832]
~ Drivers: 78 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 12/08/2014 - 23:30:50 ---A- . (...) -- C:\Users\Antoine\Downloads\adwcleaner_3.304.exe [1366203]
O61 - LFC: 14/08/2014 - 23:30:50 ---A- . (...) -- C:\Users\Antoine\Desktop\AdsFix.exe [2894848]
O61 - LFC: 14/08/2014 - 23:30:50 ---A- . (...) -- C:\Users\Antoine\Desktop\adwcleaner_3.305.exe [1356107]
~ 94 Fichiers temporaires (Temporary files)
~ 30 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.B98BD79E6F5136E2AAF368855355E7F1] [SPRF][14/08/2014] (.Pas de propriétaire - Browser Ads Cleaner.) -- C:\Users\Antoine\Desktop\AdsFix.exe [2894848]
[MD5.504721808E6196C52D15ECC1238180F0] [SPRF][14/08/2014] (...) -- C:\Users\Antoine\Desktop\adwcleaner_3.305.exe [1356107]
[MD5.5E7AEB372B2A416450F0D5CB8CFE2C29] [SPRF][19/10/2012] (...) -- C:\Users\Antoine\Desktop\K.J_121019E.exe [25544236]
~ Files: 5 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{CC05D28D-F8E7-46E2-B1B1-3211AF2F9D72}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Antoine\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9DEB1A4E-B05E-4625-87AA-E71689FE69D9}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Antoine\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent-7_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent-7_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
~ BTK: 190 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh
~ BCK: 5046 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 04/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SS - | Auto 12/11/2010 241648 | (CLKMSVC10_38F51D56) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
SS - | Demand 15/10/2009 87336 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 08/07/2013 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 08/07/2013 1315592 | (FLEXnet Licensing Service 64) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 13/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 01/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 02/05/2011 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 08/07/2013 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 02/05/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 05/06/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 02/05/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 05/06/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Antoine at 14/08/2014 23:31:41
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Antoine at 14/08/2014 23:31:43
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (13/08/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 9

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\ProgramData\InstallMate =>PUP.Tarma^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\mybestofferstoday] =>PUP.MyBestOffersToday^
[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh^
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh^
~ Additionnel Scan: 312352 Items scanned in 00mn 18s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/pup-imesh =>PUP.iMesh
~ MSI: 4 link(s) detected in 00mn 00s



~ 853 Legitimates filtered by white list
End of the scan (498 lines in 02mn 10s)(0)

The Malwarebytes report:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 14/08/2014
Scan Time: 20:43:46
Logfile: mw.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.14.09
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Antoine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306661
Time Elapsed: 11 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{E20100D9-EE6D-4C68-B7BD-8F459845DD52}, Quarantined, [3e436c5af08b0135168de2c614ed3bc5],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA0B3812-154D-4226-97AE-34BD2E515764}, Quarantined, [3e436c5af08b0135168de2c614ed3bc5],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA0B3812-154D-4226-97AE-34BD2E515764}, Quarantined, [3e436c5af08b0135168de2c614ed3bc5],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E20100D9-EE6D-4C68-B7BD-8F459845DD52}, Quarantined, [3e436c5af08b0135168de2c614ed3bc5],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, Quarantined, [1a6716b06219a98d3c5ca53714ee07f9],
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, Quarantined, [3d44883e9cdfbb7b4bfc09d3bb4712ee],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],

Registry Values: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-896355638-3571867695-197123161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [40414482b0cb53e3154428be3dc5dd23]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],

Files: 31
PUP.Optional.Amonetize, C:\Users\Antoine\Downloads\Wifi Password Hack 2013 V5 0 G Downloader__3687_i1106462724_il1301118.exe, Quarantined, [dea321a53d3eb383ccd71098a25f6898],
PUP.Optional.Amonetize, C:\Users\Antoine\Downloads\Wifi Password Hack__5160_i1106435715_il1069030.exe, Quarantined, [3e436c5af08b0135168de2c614ed3bc5],
PUP.Optional.Amonetize, C:\Users\Antoine\AppData\Local\30499\a13112.exe, Quarantined, [8af7c006f883e74fbc5fb7eb53ae21df],
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, Quarantined, [057c10b6512a1c1ab51888557b878a76],
PUP.Optional.ContinueToSave.A, C:\Users\Antoine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage, Quarantined, [e0a15e68a4d7142266af974930d2bf41],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\247.json, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\MessageBox.xml, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\uninstallDlg2.xml, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\UninstallManager.exe, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\bg.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\bg1.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\bk_shadow.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\button.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\button1.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\checkbox.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\checkbox_select.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\checked.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\close.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\loading_bg.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\loading_light.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\min.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\scrollbar.bmp, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\Thumbs.db, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\unchecked.png, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code1.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code2.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code3.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code4.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code5.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\code6.jpg, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],
PUP.Optional.IStartSurf.A, C:\Users\Antoine\AppData\Roaming\istartsurf\images\code\Thumbs.db, Quarantined, [9ee3a0262c4f3204ddbc5582778b7987],

Physical Sectors: 0
(No malicious items detected)


(end)
The AdwCleaner report:

# AdwCleaner v3.305 - Rapport créé le 14/08/2014 à 23:52:30
# Mis à jour le 14/08/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Antoine - ANTOINE-PC
# Exécuté depuis : C:\Users\Antoine\Desktop\adwcleaner_3.305.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\Conduit
Clé Présente : [x64] HKCU\Software\Conduit
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 fr)

[ Fichier : C:\Users\Antoine\AppData\Roaming\Mozilla\Firefox\Profiles\exl4romb.default-1407269112085\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Fichier : C:\Users\Antoine\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13658 octets] - [05/08/2014 22:07:22]
AdwCleaner[R1].txt - [2454 octets] - [12/08/2014 22:31:58]
AdwCleaner[R2].txt - [1517 octets] - [14/08/2014 20:38:28]
AdwCleaner[R3].txt - [1514 octets] - [14/08/2014 23:26:01]
AdwCleaner[R4].txt - [1309 octets] - [14/08/2014 23:52:30]
AdwCleaner[S0].txt - [10482 octets] - [05/08/2014 22:08:29]
AdwCleaner[S1].txt - [2486 octets] - [12/08/2014 22:35:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1490 octets] ##########
I can't get AdsFix to work: it starts, updates itself, restarts, and does this endlessly. (It also tells me that Spybot is running; I don't know how to disable it.)
Last edited by g3n-h@ckm@n on Fri 15 Aug 2014 00:03, edited 1 time. Reason: referencing
by g3n-h@ckm@n
#195489
Hi, as for Spybot, uninstall it, it's useless

===

For AdsFix, try getting it from here:

http://www.aht.li/2159847/AdsFix.exe
by g3n-h@ckm@n
#195491
OK, it's happening just above ^^
by g3n-h@ckm@n
#196110
Hi, it's on the desktop, among your icons
