by pomm_94
#133364
Good evening,

My computer must be seriously infested with viruses, given how slow it is and the number of ads that open on their own.

I ran an AdwCleaner, Malware and ZHP scan, and I have posted the reports.

Can you help me?

Thanks a lot :)
Code:
{# AdwCleaner v3.103 - Rapport créé le 21/04/2014 à  23:19:49
# Mis à  jour le 21/04/2014 par Xplode
# Système d'exploitation : Windows 8.1 (64 bits)
# Nom d'utilisateur : constance - POM
# Exécuté depuis : C:\Users\constance\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : BackupStack
Service Supprimé : IePluginService
Service Supprimé : nuttkoqiez64
[#] Service Supprimé : pricemeterliveUpdate
[#] Service Supprimé : pricemeterliveUpdatem
Service Supprimé : SECUREASSIST
Service Supprimé : Wpm

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\IePluginService
[!] Dossier Supprimé : C:\ProgramData\PriceMeterLiveUpdate
Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\Program Files (x86)\Iminent
Dossier Supprimé : C:\Program Files (x86)\IminentToolbar
Dossier Supprimé : C:\Program Files (x86)\Mobogenie
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\Mysearchdial
Dossier Supprimé : C:\Program Files (x86)\Nosibay
[!] Dossier Supprimé : C:\Program Files (x86)\PriceMeterLiveUpdate
Dossier Supprimé : C:\Program Files (x86)\RegClean Pro
Dossier Supprimé : C:\Program Files (x86)\Re-markit
Dossier Supprimé : C:\Program Files (x86)\SupraSavings
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Program Files (x86)\Systweak Support Dock
Dossier Supprimé : C:\Program Files (x86)\Wajam
Dossier Supprimé : C:\Program Files (x86)\fst_fr_54
Dossier Supprimé : C:\Program Files\003
Dossier Supprimé : C:\Program Files\SupraSavings
Dossier Supprimé : C:\Users\constance\.android
Dossier Supprimé : C:\Users\constance\AppData\Local\cool_mirage
Dossier Supprimé : C:\Users\constance\AppData\Local\CrashRpt
Dossier Supprimé : C:\Users\constance\AppData\Local\lollipop
Dossier Supprimé : C:\Users\constance\AppData\Local\Mobogenie
Dossier Supprimé : C:\Users\constance\AppData\Local\PriceMeter
Dossier Supprimé : C:\Users\constance\AppData\Local\PriceMeterLiveUpdate
Dossier Supprimé : C:\Users\constance\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\constance\AppData\Local\Wajam
Dossier Supprimé : C:\Users\constance\AppData\Local\fst_fr_54
Dossier Supprimé : C:\Users\constance\AppData\Roaming\Mysearchdial
Dossier Supprimé : C:\Users\constance\AppData\Roaming\newnext.me
Dossier Supprimé : C:\Users\constance\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\constance\AppData\Roaming\SupTab
Dossier Supprimé : C:\Users\constance\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Dossier Supprimé : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Dossier Supprimé : C:\Users\constance\Documents\Mobogenie
Fichier Supprimé : C:\WINDOWS\SysWOW64\SecureAssist.ini
Fichier Supprimé : C:\WINDOWS\SysWOW64\SecureAssistOff.ini
Fichier Supprimé : C:\WINDOWS\System32\SecureAssist.ini
Fichier Supprimé : C:\WINDOWS\System32\SecureAssistOff.ini
Fichier Supprimé : C:\Users\constance\daemonprocess.txt
Fichier Supprimé : C:\Users\constance\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Fichier Supprimé : C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Fichier Supprimé : C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Fichier Supprimé : C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Fichier Supprimé : C:\WINDOWS\System32\Tasks\pricemeterdownloader
Fichier Supprimé : C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
Fichier Supprimé : C:\WINDOWS\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
Fichier Supprimé : C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
Fichier Supprimé : C:\WINDOWS\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
Fichier Supprimé : C:\WINDOWS\System32\Tasks\pricemetertask
Fichier Supprimé : C:\WINDOWS\System32\Tasks\pricemeterwatcher

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\Public\Desktop\Google Chrome.lnk
Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Clé Supprimée : HKCU\Software\Classes\Applications\lollipop.exe
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0051382.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0051382.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0051382.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0051382.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131182}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132282}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135582}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136682}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134482}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131182}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131182}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132282}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135582}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136682}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131182}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Clé Supprimée : HKCU\Software\1ClickDownload
Clé Supprimée : HKCU\Software\installedbrowserextensions
Clé Supprimée : HKCU\Software\suprasavings
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Rr Savings
Clé Supprimée : HKCU\Software\AppDataLow\Software\suprasavings
Clé Supprimée : HKLM\Software\DealPlyLive
Clé Supprimée : HKLM\Software\IePlugin
Clé Supprimée : HKLM\Software\installedbrowserextensions
Clé Supprimée : HKLM\Software\qone8Software
Clé Supprimée : HKLM\Software\suprasavings
Clé Supprimée : HKLM\Software\supTab
Clé Supprimée : HKLM\Software\supWPM
Clé Supprimée : HKLM\Software\Wpm
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Clé Supprimée : [x64] HKLM\SOFTWARE\installedbrowserextensions
Clé Supprimée : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Clé Supprimée : [x64] HKLM\SOFTWARE\Rr Savings
Clé Supprimée : [x64] HKLM\SOFTWARE\suprasavings
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16518

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v34.0.1847.116

[ Fichier : C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage

*************************

AdwCleaner[R0].txt - [12957 octets] - [21/04/2014 23:13:01]
AdwCleaner[S0].txt - [10694 octets] - [21/04/2014 23:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10755 octets] ##########}
Code:
{Malwarebytes Anti-Malware
http://www.malwarebytes.org

Date de l'examen: 22/04/2014
Heure de l'examen: 00:11:11
Fichier journal: malwarevytes.txt
Administrateur: Oui

Version: 2.00.1.1004
Base de données Malveillants: v2014.03.04.09
Base de données Rootkits: v2014.02.20.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Chameleon: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: constance

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 284401
Temps écoulé: 33 min, 56 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Shuriken: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 4
PUP.Optional.1ClickMovieDownload.A, HKLM\SOFTWARE\WOW6432NODE\1ClickMovie-Download V9.0, , [64e5ac538ded8ea86cf38d000df5639d],
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, , [b49521de057510265b03404d34ceca36],
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-21-4251379365-3564927970-2822429743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, , [be8bac53d7a342f43f1f385528daff01],
PUP.Optional.1ClickMovieDownload.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickMovie-Download V9.0, , [2a1f1ee1512959dd2ea58307f2109868],

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[ff4a956a92e8fc3a4af9fb34cd37bd43]

Dossiers: 13
PUP.Optional.1ClickMovieDownloader.A, C:\Program Files (x86)\1clickmoviedownloader.com, , [84c5d827a4d6e74fc61fa0e7b15137c9],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\userCode, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons\actions, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\popupResource, , [b19831ce21598caa0cc8f39740c2748c],

Fichiers: 108
PUP.Optional.SkyTech.A, C:\Users\constance\AppData\Local\Temp\fullpackage_temp1397075804\alilog.dll, , [202946b997e32412d9250c73b848b848],
PUP.Optional.SkyTech.A, C:\Users\constance\AppData\Local\Temp\fullpackage_temp1397075804\package1.zip, , [e66307f82d4d4fe7877781fe847c649c],
PUP.Optional.IePluginService.A, C:\Users\constance\AppData\Local\Temp\fullpackage_temp1397075804\tmp\SupTab.exe, , [fa4fc53a2b4fc86e6ecc0494d62b7f81],
PUP.Optional.WpManager, C:\Users\constance\AppData\Local\Temp\fullpackage_temp1397075804\tmp\wpm.exe, , [0d3c1ce3d2a8e452c2a3aaf8926fd729],
PUP.Optional.OneClickDownloader.A, C:\Users\constance\Downloads\Game.of.Thrones.S04E01.PROPER.VOSTFR.HDTV.XviD-ATeam-GameofThrones.vovf.eu (1).exe, , [b891d32c8befbe785e99aaa9fb06ed13],
PUP.Optional.OneClickDownloader.A, C:\Users\constance\Downloads\Game.of.Thrones.S04E01.PROPER.VOSTFR.HDTV.XviD-ATeam-GameofThrones.vovf.eu.exe, , [71d87986166463d329ce1a3932cfde22],
PUP.Optional.Bubbledock.A, C:\Users\constance\AppData\Roaming\Bubble Dock.boostrap.log, , [bf8a1be4bdbdd165eaf7dcb7748eae52],
PUP.Optional.1ClickMovieDownloader.A, C:\Program Files (x86)\1clickmoviedownloader.com\FreeTVDownloader.exe, , [84c5d827a4d6e74fc61fa0e7b15137c9],
PUP.Optional.1ClickMovieDownloader.A, C:\Program Files (x86)\1clickmoviedownloader.com\ftvextsetup.exe, , [84c5d827a4d6e74fc61fa0e7b15137c9],
PUP.Optional.1ClickMovieDownloader.A, C:\Program Files (x86)\1clickmoviedownloader.com\uninst.exe, , [84c5d827a4d6e74fc61fa0e7b15137c9],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-bg.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-bho.dll, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-bho64.dll, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-buttonutil.dll, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-buttonutil.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-buttonutil64.dll, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-buttonutil64.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-codedownloader.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0.ico, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\51382.crx, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\51382.xpi, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\background.html, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\Uninstall.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.1ClickMovieDownload.A, C:\Program Files (x86)\1ClickMovie-Download V9.0\utils.exe, , [2a1f1ee1512959dd2ea58307f2109868],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\background.html, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\chromeCoreFilesIndex.txt, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\crossriderManifest.json, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\manifest.json, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\popup.html, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\manifest.xml, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins.json, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\1.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\1000020.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\1000025.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\1000030.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\102.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\103.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\104.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\123.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\13.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\14.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\155.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\17.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\175.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\177.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\180.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\182.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\183.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\19.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\190.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\193.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\195.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\207.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\21.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\22.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\220.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\223.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\246.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\28.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\4.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\47.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\64.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\7.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\72.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\78.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\80.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\9.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\91.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\93.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\plugins\97.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\userCode\background.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\extensionData\userCode\extension.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons\icon128.png, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons\icon16.png, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons\icon48.png, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\icons\actions\1.png, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\background.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\main.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\platformVersion.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\chrome.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\cookie.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\message.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\monitor.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\pageAction.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\api\pageActionBG.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\app_api.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\bg_app_api.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\consts.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\cookie_store.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\crossriderAPI.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\delegate.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\events.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\extensionDataStore.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\installer.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\logFile.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\logging.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\onBGDocumentLoad.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\reports.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\storageWrapper.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\updateManager.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\util.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\xhr.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\popupResource\newPopup.js, , [b19831ce21598caa0cc8f39740c2748c],
PUP.Optional.CrossRider.A, C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm\1.26.39_0\js\lib\popupResource\popup.js, , [b19831ce21598caa0cc8f39740c2748c],

Secteurs physiques: 0
(No malicious items detected)


(end)}
by pomm_94
#133365
Last report :merci2:
{~ Rapport de ZHPDiag v2014.4.21.36 - Nicolas Coolman (21/04/2014)
~ Lancé par constance (22/04/2014 00:18:56)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : KD4D6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader X MUI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3981 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 105 GB (56%) free of 186 GB

---\\ Mode de connexion au système
~ Computer Name: POM
~ User Name: constance
~ All Users Names: HomeGroupUser$, constance, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\constance\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\constance\AppData\Roaming\
~ %Desktop% : C:\Users\constance\Desktop\
~ %Favorites% : C:\Users\constance\Favorites\
~ %LocalAppData% : C:\Users\constance\AppData\Local\
~ %StartMenu% : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 105 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/03/2014 - 11:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 06s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4334
~ Mes musiques (My Musics) : 2/30
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 6/30
~ Mon Bureau (My Desktop) : 2/226
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 21s



---\\ Processus lancés
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2596]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.1392]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.2884]
[MD5.C81E206D2DDBD18396506C2978F2C6BA] - (...) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [171224] [PID.2932]
[MD5.25A7E7174C622D3B8D0D2681EE87E4FA] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.3564]
[MD5.2F03C763EE0DFB4DE56176737DEFB2E2] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21184] [PID.3204]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.3232]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.2196]
[MD5.B9562F200149C64CC53D47F969CEA6C3] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\WINDOWS\syswow64\wwahost.exe [518656] [PID.1316]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.5292]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.5396]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4592]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.5308]
[MD5.343E19B2F141B65FA1723385C664F861] - (.Spotify Ltd - Spotify.) -- C:\Users\constance\AppData\Roaming\Spotify\spotify.exe [6087224] [PID.5972]
[MD5.F6041A72058ADD22166C31B5FD5E919C] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\constance\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000] [PID.3260]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.5728]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [PID.6176]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.6896]
[MD5.2362B857693DA580E04ECE28F7D67E7E] - (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\aprp.exe [3187360] [PID.6356]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.3252]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.7124]
[MD5.6368A4CF33B29665A504ABC2EA4D8385] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7938048] [PID.6912]
[MD5.5777523CDDD178ECFE1BBDB7A3F2D6CF] - (...) -- C:\Users\constance\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [602680] [PID.6776]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://start.mysearchdial.com =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [gphjehcgndcjccmghmjmeeabfecdiilm] 1ClickMovie-Download V9.0 v.1.26.39, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 21s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Waves MAXXAudio.lnk . (...) -- C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [constance]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [constance]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [constance]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [constance]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [constance]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 48 Legitimates Filtered in 00mn 05s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [constance]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\constance\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\constance\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\constance\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\constance\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\constance\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\constance\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [iTunesHelper] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-4251379365-3564927970-2822429743-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1] (...) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2] (...) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3] (...) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4] (...) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5] (...) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.exe (.not file.) [0]
[MD5.C81E206D2DDBD18396506C2978F2C6BA] [APT] [ASUS Splendid ColorU] (...) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [171224]
O39 - APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1 - (...) -- C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job [1444] =>PUP.CrossRider
O39 - APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2 - (...) -- C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job [1388] =>PUP.CrossRider
O39 - APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3 - (...) -- C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job [3162] =>PUP.CrossRider
O39 - APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4 - (...) -- C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job [2292] =>PUP.CrossRider
O39 - APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5 - (...) -- C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job [1496] =>PUP.CrossRider
~ Scheduled Task: 34 Legitimates Filtered in 00mn 23s



---\\ Logiciels installés (O42)
O42 - Logiciel: Price Meter (remove only) - (.Price Meter.) [HKCU][64Bits] -- Price Meter =>PUP.PriceMeter
O42 - Logiciel: SupraSavings - (.SupraSavings.) [HKLM][64Bits] -- {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
~ Logic: 27 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
~ Key Software: 177 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/01/2014 - 21:00:19 - [] ----D C:\Program Files (x86)\PC Cleaner =>USP.PCCleaner
O43 - CFD: 09/04/2014 - 22:31:00 - [] ----D C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine
~ Program Folder: 116 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0DE593914F0268FB2B4DE7B9C7B33057] - 09/04/2014 - 21:38:58 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
~ Files: 21 Legitimates Filtered in 02mn 09s



---\\ Derniers fichiers malwares créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.28F803FEE76BE09943D57D45DC4335D6] - 19/04/2014 - 09:48:49 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.B56528312CA1ACFCC0496CEE2B292A81] - 21/04/2014 - 14:19:07 ---A- - C:\Windows\Prefetch\PRICEMETER.EXE-E642B963.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.9AAAD0A827E0D43BCE970FEF441EC27A] - 21/04/2014 - 22:01:43 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-78B4F584.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.15DE84CAB22DED3F013C6EAD20A9E693] - 12/04/2014 - 22:45:08 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATEHANDLER.E-4B6DF71D.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.6CC6FB4883D7EF6BF6BB1B761756EAC6] - 11/04/2014 - 00:37:34 ---A- - C:\Windows\Prefetch\PRICEMETERW.EXE-C650C11E.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.DA843415EC06A00EA1F93FBAB8104693] - 12/04/2014 - 10:49:28 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-948D75A7.pf =>PUP.SupTab
~ Prefetcher: 6 Legitimates Filtered in 00mn 03s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 04:22:48 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:18/03/2014 - 14:12:04 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:13/12/2012 - 14:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/04/2014 - 00:28:24 ---A- . (...) -- C:\Users\constance\Downloads\tableau budget trésorerie .xlsx [10457]
O61 - LFC: 21/04/2014 - 00:24:02 ---A- . (...) -- C:\Users\constance\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [306100]
O61 - LFC: 21/04/2014 - 00:24:09 ---A- . (...) -- C:\Users\constance\AppData\Local\Google\Chrome\User Data\Local State [69079]
O61 - LFC: 21/04/2014 - 00:28:09 ---A- . (...) -- C:\Users\constance\AppData\Roaming\sp_data.sys [62]
O61 - LFC: 21/04/2014 - 00:28:12 ---A- . (...) -- C:\Users\constance\Downloads\1339148784-50708.pdf [1197975]
O61 - LFC: 21/04/2014 - 00:28:13 ---A- . (...) -- C:\Users\constance\Downloads\adwcleaner.exe [1324843]
O61 - LFC: 21/04/2014 - 00:28:14 ---A- . (...) -- C:\Users\constance\Downloads\AIDE_MEMOIRE_EXCEL_2007_s1A_5.pdf [860630]
O61 - LFC: 21/04/2014 - 00:28:16 ---A- . (...) -- C:\Users\constance\Downloads\Le cartel_des_palaces_parisiens (1).pdf [211822]
O61 - LFC: 21/04/2014 - 00:28:16 ---A- . (...) -- C:\Users\constance\Downloads\Le cartel_des_palaces_parisiens.pdf [211822]
O61 - LFC: 21/04/2014 - 00:28:17 ---A- . (...) -- C:\Users\constance\Downloads\livreblanc4.pdf [2857577]
O61 - LFC: 21/04/2014 - 00:28:17 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (1).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:17 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (10).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (11).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (12).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (13).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (14).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (15).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (16).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (17).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (18).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (19).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (2).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (20).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (21).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (3).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (4).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (5).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (6).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (7).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (8).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04 (9).doc [78336]
O61 - LFC: 21/04/2014 - 00:28:18 ---A- . (.Guillaume.) -- C:\Users\constance\Downloads\Marketing_résumé_2e_03-04.doc [78336]
O61 - LFC: 21/04/2014 - 00:28:24 ---A- . (...) -- C:\Users\constance\Downloads\Theme 4 Chapitre 1 - PRESENTATION DE LA NOTION DE CONTRAT.docx [28715]
O61 - LFC: 21/04/2014 - 00:28:24 ---A- . (...) -- C:\Users\constance\Downloads\Theme 4 Chapitre 2 - LA FORMATION DU CONTRAT (1).docx [28759]
O61 - LFC: 21/04/2014 - 00:28:24 ---A- . (...) -- C:\Users\constance\Downloads\Theme 4 Chapitre 2 - LA FORMATION DU CONTRAT.docx [166624]
O61 - LFC: 21/04/2014 - 00:28:26 ---A- . (...) -- C:\Users\constance\Links\Photos iCloud.lnk [160]
~ Files: 74 Legitimates Filtered in 04mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.72110F1F18C34AD782CE40ACD2644548] [SPRF][21/04/2014] (...) -- C:\Users\constance\AppData\Roaming\sp_data.sys [62]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\WINDOWS\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\WINDOWS\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][09/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\3e66a6f0.msi [3162112] =>PUP.SupraSavings
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][09/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\3e66a6f5.msi [4997120] =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 08s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
~ BTK: 24 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 14/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 04/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 14/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 01/10/2012 30080 | (DptfParticipantProcessorService) . (.Intel Corporation.) - C:\Windows\System32\DptfParticipantProcessorService.exe
SR - | Auto 01/10/2012 31616 | (DptfPolicyConfigTDPService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyConfigTDPService.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 20/12/2012 45488 | (WakeupService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 25s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by constance at 22/04/2014 00:32:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by constance at 22/04/2014 00:32:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (21/04/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 8

[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files (x86)\PC Cleaner =>USP.PCCleaner^
C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine^
C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job =>PUP.CrossRider^
C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job =>PUP.CrossRider^
C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job =>PUP.CrossRider^
C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job =>PUP.CrossRider^
C:\Windows\Tasks\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job =>PUP.CrossRider^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
C:\Windows\Installer\3e66a6f0.msi =>PUP.SupraSavings^
C:\Windows\Installer\3e66a6f5.msi =>PUP.SupraSavings^
~ Additionnel Scan: 252458 Items scanned in 00mn 57s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/41981105-pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ MSI: 9 link(s) detected in 00mn 00s



~ 876 Legitimates filtered by white list
End of the scan (514 lines in 14mn 57s)(0)}
by kink06
#133366
Good evening, ;)

You haven't removed what Malwarebytes found!

At the end of the scan, click "Quarantine All" ("Mettre tout en quarantaine") at the bottom left.
Restart the computer if needed.
After the restart, launch Malwarebytes again.
Go and get the report in the History tab.
On the left, Scan Logs.
Double-click the scan in the list.


2)
  • Download Junkware Removal Tool (by thisisu) to your desktop.
  • Launch Junkware Removal Tool; on Windows 7/8 and Vista, run it as administrator.
  • Press any key.
  • Once the scan has finished, go to the desktop; the file JRT.txt has been created.
  • Host the JRT.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.

3)
  • Disable your antivirus
  • Download Shortcut_Module to your desktop.

    Note: Save your work before continuing!
  • Launch Shortcut_Module,
  • Click Clean (Nettoyer)

    Note: Wait while the scan runs
  • Let the tool work even if it seems frozen to you
  • If the tool detects a proxy you don't recognize, click "Remove the proxy" ("Supprimer le proxy")
  • Host the report C:\Shortcut_Module_date_heure.txt on http://upload.sosvirus.net/ then give the link you get

then:

New ZHPDiag scan
Run another scan with ZHPDiag, then post its report as a link. => Post the contents of this report using this file host: Sosupload
Help: how to host a file on Sosupload
by kink06
#137583
Where is he?
Hello,
With no reply from you, I consider the problem solved!
It is nevertheless very important to follow a disinfection through to the end. Indeed, even if the symptoms that led you to ask for help have disappeared, your computer nonetheless remains infected. You should also know that our help is voluntary; seeing your topic abandoned without any explanation is, for us, a lack of respect. Please respect the people who give their time to help you. In any case, we are leaving your topic open in case you decide to come back ... See you soon on SosVirus.
Where is he?
