[Maurice Vassilitch]

Bonjour à tous,

Le PC de mes parents est vérolé tant et si bien qu'ils ne peuvent même plus ouvrir ie8 (c'est pas une grande perte vous allez me dire ! )

J'ai suivi les trois procédures et j'obtiens ceci :

-ZHPdiag

Code: Tout sélectionner

~ Rapport de ZHPDiag v2014.5.31.79 - Nicolas Coolman (31/05/2014)
~ Lancé par christine (31/05/2014 18:16:55)
~ Adresse du Site Web https://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v9.0.2018
Trusteer Sécurité des points d'accès v3.5.1307.76
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4076 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 332 GB (73%) free of 454 GB

---\\ Mode de connexion au système
~ Computer Name: CHRISTINE-PC
~ User Name: christine
~ All Users Names: christine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\christine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\christine\AppData\Roaming\
~ %Desktop% : C:\Users\christine\Desktop\
~ %Favorites% : C:\Users\christine\Favorites\
~ %LocalAppData% : C:\Users\christine\AppData\Local\
~ %StartMenu% : C:\Users\christine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 332 Go of 454 Go)
D: Hard drive, Flash drive, Thumb drive (Free 282 Go of 454 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9734
~ Mes musiques (My Musics) : 13/3852
~ Mes Videos (My Videos) : 1/11
~ Mes Favoris (My Favorites) : 1/50
~ Mes Documents (My Documents) : 1/416
~ Mon Bureau (My Desktop) : 2/41
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 18s



---\\ Processus lancés
[MD5.9C63BAEE102BB99BC10D6E56F3AED7BC] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2640152] [PID.2344]
[MD5.CBDE95D1122FC04AF029F2BDE36D9484] - (.ITE Tech. Inc. - ITECIR Filter Application for RCMM Protocol.) -- C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [603752] [PID.2916]
[MD5.D4543C87D3AC0B8A29EBA0B33C165B38] - (.Pas de propriétaire - Time Inspector.) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5676656] [PID.2924]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2364]
[MD5.D2BF8B1568789A25CE8889A645499FD8] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [986208] [PID.3812]
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3780]
[MD5.0FC14BE5CF18C16F83011B5ED8CEC445] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912] [PID.3532]
[MD5.02081691225E79F298A36A786C5C869C] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [626792] [PID.3940]
[MD5.193B1D98DCD8FF8D1FCD0F990DC5EDA5] - (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720] [PID.292]
[MD5.9F96F98409B89C5806F4380867DD48E0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.704]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3888648] [PID.1000]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4500]
[MD5.6877258ACB29024D4681BC4FE8B63E8D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.1292]
[MD5.26C5CB49D0FF828BB0FD36FD379B6EBE] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392] [PID.960]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1384]
[MD5.55FF0FFE359702D2E2B99DF5CBB3DD06] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1652]
[MD5.1474F121C3DF1232D3E7239C03691EE6] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 9.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408] [PID.1760]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1832]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1888]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456] [PID.1976]
[MD5.E4693409D06785477A49FB34AFAE1B92] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088] [PID.1404]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624] [PID.2064]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2104]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2184]
[MD5.46F230E8E90237D35F3A28F1BA03AD49] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3164]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.2340]
[MD5.A93420F6BFBC3DFBB3BE8F5C58DAA2CA] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.4472]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\christine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Googleà‚Â Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\prefs.js
M2 - MFEP: prefs.js [christine - p2omdrub.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (..)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.rechercherweb.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.rechercherweb.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [THXCfg64] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\THXCfg64.dll
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [THX Audio Control Panel] . (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\Windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (sasnative64) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tà¢ches planifiées en automatique (O39)
[MD5.03262DB7886A3953BBFC34535FA9C3C8] [APT] [FileAdvisorCheck] (...) -- C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2216616]
[MD5.F15945323AF428B653330E725EB93B7C] [APT] [FileAdvisorUpdate] (.File Type Advisor.) -- C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [3750512]
[MD5.D4543C87D3AC0B8A29EBA0B33C165B38] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5676656]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 04s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (wStLib64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLib64.sys =>PUP.LinkiDoo
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Candy Crush Saga Packages - (...) [HKCU][64Bits] -- Candy Crush Saga Packages
O42 - Logiciel: File Type Advisor 1.6 - (...) [HKLM][64Bits] -- File Type Advisor_is1
O42 - Logiciel: Time Inspector 1.1 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 48 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FileAdvisor]
[HKCU\Software\IncrediMail]
~ Key Software: 348 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/05/2014 - 07:15:04 - [] ----D C:\Program Files (x86)\File Type Advisor
O43 - CFD: 16/05/2014 - 07:15:39 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 16/05/2014 - 07:17:54 - [] ----D C:\Users\christine\AppData\Roaming\AdvertismentImages
O43 - CFD: 31/05/2014 - 06:54:42 - [0] ----D C:\Users\christine\AppData\Roaming\FileAdvisor
O43 - CFD: 31/05/2014 - 18:17:23 - [] ----D C:\Users\christine\AppData\Roaming\Time Inspector
~ 1606 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1830 Legitimates Filtered in 00mn 21s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0EF694242F94FB46CA9F18F93A723D50] - 31/05/2014 - 13:46:00 ---A- . (...) -- C:\Windows\IE10_main.log [11753]
~ Files: 16 Legitimates Filtered in 00mn 05s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:30/06/2011 - 07:03:04 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [54784]
O58 - SDL:30/06/2011 - 07:03:02 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [77696]
O58 - SDL:16/04/2013 - 18:34:04 ---A- . (.GFI Software - GFI Boot Time Operations Driver.) -- C:\Windows\System32\Drivers\gfibto.sys [14456]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2010 - 16:57:08 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [69736]
O58 - SDL:22/03/2011 - 14:27:46 ---A- . (.ITE Tech. Inc. - ITECIR Filter Driver.) -- C:\Windows\System32\Drivers\ITECIRfilter.sys [28264]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:18/03/2014 - 07:02:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 84 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 30/05/2014 - 18:18:59 ---A- . (.monAlbumPhoto.) -- C:\Users\christine\Downloads\monAlbumPhoto_Setupalt_3.5(1).exe [25260456]
O61 - LFC: 30/05/2014 - 18:18:59 ---A- . (.monAlbumPhoto.) -- C:\Users\christine\Downloads\monAlbumPhoto_Setupalt_3.5.exe [25260456]
O61 - LFC: 31/05/2014 - 18:18:59 ---A- . (...) -- C:\Users\christine\Downloads\adwcleaner_3.211 (1).exe [1327971]
O61 - LFC: 31/05/2014 - 18:18:59 ---A- . (...) -- C:\Users\christine\Downloads\adwcleaner_3.211.exe [1327971]
~ 4964 Fichiers temporaires (Temporary files)
~ 5693 Fichiers cookies (Cookies files)
~ Files: 8 Legitimates Filtered in 00mn 31s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 18/03/2014 - C:\Windows\System32\drivers\wStLib64.sys (wStLib64) .(.StdLib - StdLib.) - LEGACY_WSTLIB64 =>PUP.LinkiDoo
~ Legacy: 99 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C9FA1D6878DBDBCA52CCCB86052A9CC2] [SPRF][29/01/2012] (...) -- C:\Users\christine\Desktop\YeaChess.dll [112640]
[MD5.B3AB80473351024C678AD9DAD700F380] [SPRF][29/01/2012] (.Drazen Beljan - Pas de description.) -- C:\Users\christine\Desktop\YeaChess.exe [57344]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "279A5E3D51A9D724EA8718185ADF49C3" . (.eBay Worldwide.) -- c:\Windows\Installer\{D3E5A972-9A15-427D-AE78-8181A5FD943C}\_6FEFF9B68218417F98F549.exe =>Toolbar.eBay
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.33492D075AAC7CE1D12E83843F5242C0] [WIS][09/04/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2547bc5.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 12s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_0102-0d89a395_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_0102-0d89a395_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkeyUpdater_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkeyUpdater_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsPal_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsPal_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_30_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_30_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-1380_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-1380_RASMANCS =>Adware.Yontoo
~ BTK: 227 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4390 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/05/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 16/05/2014 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 25/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 25/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 30/09/2010 169408 | (AdobeActiveFileMonitor9.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 29/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 11/05/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
SR - | Auto 27/12/2010 1817088 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SR - | Auto 22/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SR - | Auto 03/05/2014 1882392 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 22/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by christine at 31/05/2014 18:20:10
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by christine at 31/05/2014 18:20:12
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (31/05/2014)
Clés trouvées (Keys found) : 65
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 10

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2547bc5.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
C:\Users\christine\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\christine\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
C:\Users\christine\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe =>PUP.Babylon
C:\Users\christine\AppData\Local\Temp\tbedrs.dll =>Toolbar.Conduit
C:\Users\christine\AppData\Local\Temp\tbWis2.dll =>Toolbar.Conduit
~ Additionnel Scan: 419773 Items scanned in 00mn 38s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
https://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
https://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
https://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
https://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
https://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
https://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
https://nicolascoolman.fr/pup-babylon =>PUP.Babylon
https://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
~ MSI: 9 link(s) detected in 00mn 00s



~ 2473 Legitimates filtered by white list
End of the scan (597 lines in 03mn 56s)(0)

Si j'ai bien tout compris, j'attends votre retour pour voir ce que je peux faire ?

Merci pour tout en tout cas !

[Maurice Vassilitch]

La suite sur ADW Cleaner & Malwarebytes :


-ADWCleaner

Code: Tout sélectionner

# AdwCleaner v3.211 - Rapport créé le 31/05/2014 à 14:51:04
# Mis à jour le 26/05/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : christine - CHRISTINE-PC
# Exécuté depuis : C:\Users\christine\Downloads\adwcleaner_3.211.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : CltMngSvc
[#] Service Supprimé : Update BrowseSmart

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\BrowseSmart
Dossier Supprimé : C:\Program Files (x86)\Mobogenie
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\Mysearchdial
Dossier Supprimé : C:\Program Files (x86)\SearchProtect
Dossier Supprimé : C:\Program Files (x86)\Toolbar Cleaner
Dossier Supprimé : C:\Windows\SysWOW64\ARFC
Dossier Supprimé : C:\Windows\SysWOW64\jmdp
Dossier Supprimé : C:\Users\christine\AppData\Local\Mobogenie
Dossier Supprimé : C:\Users\christine\AppData\Local\SearchProtect
Dossier Supprimé : C:\Users\CHRIST~1\AppData\Local\Temp\mt_ffx
Dossier Supprimé : C:\Users\christine\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Dossier Supprimé : C:\Users\christine\AppData\Roaming\Mysearchdial
Dossier Supprimé : C:\Users\christine\AppData\Roaming\OpenCandy
Dossier Supprimé : C:\Users\christine\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\christine\Documents\Mobogenie
Dossier Supprimé : C:\Users\wangzhisong\AppData\Local\Mobogenie
Dossier Supprimé : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\Extensions\ffxtlbr@mysearchdial.com
Fichier Supprimé : C:\Windows\System32\dmwu.exe
Fichier Supprimé : C:\Windows\System32\ImhxxpComm.dll
Fichier Supprimé : C:\Windows\System32\roboot64.exe
Fichier Supprimé : C:\Users\christine\daemonprocess.txt
Fichier Supprimé : C:\Users\christine\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\CHRIST~1\AppData\Local\Temp\uninstaller.exe
Fichier Supprimé : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\searchplugins\Mysearchdial.xml
Fichier Supprimé : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\searchplugins\trovi-search.xml
Fichier Supprimé : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\user.js

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\d
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\Classes\speedupmypc
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\mysearchdial
Clé Supprimée : HKCU\Software\mysearchdial.com
Clé Supprimée : HKCU\Software\systweak
Clé Supprimée : HKCU\Software\Vittalia
Clé Supprimée : HKCU\Software\AppDataLow\Software
Clé Supprimée : HKLM\Software\adawaretb
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\Software\Toolbar Cleaner
Clé Supprimée : HKLM\Software\Uniblue
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D3BEDD9-C4BF-4040-BE99-8DA827F265A7}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Clé Supprimée : [x64] HKLM\SOFTWARE\WNLT
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Clé Supprimée : HKLM\Software\Classes\Installer\Features\9DDEB3D0FB4C0404EB99D88A722F567A
Clé Supprimée : HKLM\Software\Classes\Installer\Products\9DDEB3D0FB4C0404EB99D88A722F567A

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17041

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (fr)

[ Fichier : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\prefs.js ]

Ligne Supprimée : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M177C856D-686F-4F2F-BE91-C6385FB3BECE&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPFF99FBE4-8BEB-479[...]
Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M177C856D-686F-4F2F-BE91-C6385FB3BECE&SearchSource=55&CUI=&UM=5&UP=SPFF99FBE4-8BEB-4797-B670[...]
Ligne Supprimée : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,wrc%40avast.com:9.0.2018.95,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.aflt", "irmsd1103aw");
Ligne Supprimée : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Ligne Supprimée : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Ligne Supprimée : user_pref("extensions.mysearchdial.cntry", "FR");
Ligne Supprimée : user_pref("extensions.mysearchdial.cr", "40079498");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltLng", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltSrch", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.dnsErr", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.excTlbr", false);
Ligne Supprimée : user_pref("extensions.mysearchdial.hdrMd5", "086B20C6E29539ED7C062AAD45FF09D5");
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.id", "74DE2B12174B90E3");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlDay", "16046");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlRef", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.017:12:28");
Ligne Supprimée : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Ligne Supprimée : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.sg", "none");
Ligne Supprimée : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.newTab", false);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:12:28");

-\\ Google Chrome v35.0.1916.114

[ Fichier : C:\Users\christine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=119556&babsrc=SP_ss_gr&mntrId=A05B74DE2B12174B
Supprimée [Search Provider] : hxxp://search.fr-recherche.com/?q={searchTerms}&k=1
Supprimée [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=A05B74DE2B12174B
Supprimée [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103aw&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BtCtBtCyByE0BzytD0EtAtN0D0Tzu0SyBtDyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=40079498&ir=
Supprimée [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M177C856D-686F-4F2F-BE91-C6385FB3BECE&SearchSource=58&CUI=&UM=5&UP=SPFF99FBE4-8BEB-4797-B670-B1AFEE0B60DC&q={searchTerms}&SSPV=
Supprimée [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M177C856D-686F-4F2F-BE91-C6385FB3BECE&SearchSource=55&CUI=&UM=5&UP=SPFF99FBE4-8BEB-4797-B670-B1AFEE0B60DC&SSPV=
Supprimée [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M177C856D-686F-4F2F-BE91-C6385FB3BECE&SearchSource=55&CUI=&UM=5&UP=SPFF99FBE4-8BEB-4797-B670-B1AFEE0B60DC&SSPV=
Supprimée [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Supprimée [Extension] : flpcjncodpafbgdpnkljologafpionhb
Supprimée [Extension] : khialnikbocfgkohdegnebhmmaifoglp
Supprimée [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [21748 octets] - [31/05/2014 14:49:57]
AdwCleaner[S0].txt - [20537 octets] - [31/05/2014 14:51:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20598 octets] ##########

Malwarbyte

Code: Tout sélectionner

Malwarebytes Anti-Malware
https://www.malwarebytes.org

Scan Date: 31/05/2014
Scan Time: 17:46:31
Logfile: Malewarebyte.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.31.07
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: christine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291222
Time Elapsed: 19 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}, Quarantined, [f9fa471098e388aeb906fe44d72b639d],
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458}, Quarantined, [e0136ee92f4c7db96e51340e4ab8d22e],
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658}, Quarantined, [e0136ee92f4c7db96e51340e4ab8d22e],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [10e3094e6219b5814844f4d53fc47090],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1853157513-659025026-108309675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [ea090e49ff7c0531b6e0d0c0d032f709],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SIM, Quarantined, [10e3094e6219b5814844f4d53fc47090]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 30
PUP.Optional.OptimizePro.A, C:\Users\christine\AppData\Local\Temp\OptimizerPro.exe, Quarantined, [da19c790ed8ef14572c1fa24fa06e41c],
PUP.Optional.Somoto.A, C:\Users\christine\AppData\Local\Temp\biclient.exe, Quarantined, [698aef68b9c2fb3b0b0061b83cc5748c],
PUP.Optional.SweetIM, C:\Users\christine\AppData\Local\Temp\bundlesweetimsetup.exe, Quarantined, [9f5488cfd4a777bfa63da1e14eb68b75],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nsl784F.exe, Quarantined, [00f38dcae89360d632dcaed53cc5f60a],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nslE29B.exe, Quarantined, [f20134238af143f39a74a6dd5ca50af6],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nslFB98.exe, Quarantined, [eb083a1d4b30df5746c8592a53aee41c],
PUP.Optional.SweetIM, C:\Users\christine\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [ed060453bdbe42f4657e7012ac5832ce],
PUP.Optional.SweetIM, C:\Users\christine\AppData\Local\Temp\mgsqlite3.dll, Quarantined, [c33074e3c1ba65d134af493957ad6e92],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nsa910D.exe, Quarantined, [d51eb7a08deeff3763aba7dc788953ad],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nsb1409.exe, Quarantined, [bc3756011665ad892ce2dea59c658080],
Trojan.RotBrow.A, C:\Users\christine\AppData\Local\Temp\che4073.tmp, Quarantined, [ac47d483047761d51e645724fe0348b8],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\SPSetup.exe, Quarantined, [757eb1a60c6fee48ef1f89fa837ed729],
PUP.Optional.SweetIM, C:\Users\christine\AppData\Local\Temp\1363809260_137390267_274_4.tmp, Quarantined, [09ea67f0f784cc6a19ca7c0640c417e9],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nsvAA39.exe, Quarantined, [fdf6ca8d3f3cf73f49c5c0c332cf36ca],
PUP.Optional.Babylon.A, C:\Users\christine\AppData\Local\Temp\D86A61A3-BAB0-7891-BB70-F9C3D6106067\Latest\CrxInstaller.dll, Quarantined, [dd16e96eaad179bdc885db3fea17b54b],
PUP.Optional.Delta.A, C:\Users\christine\AppData\Local\Temp\D86A61A3-BAB0-7891-BB70-F9C3D6106067\Latest\MyBabylonTB.exe, Quarantined, [fef53b1caad17db9fe291d54ed143cc4],
PUP.Optional.Babylon.A, C:\Users\christine\AppData\Local\Temp\D86A61A3-BAB0-7891-BB70-F9C3D6106067\Latest\Setup.exe, Quarantined, [6a8961f6f08bd26462367795e21ffa06],
PUP.Optional.Delta.A, C:\Users\christine\AppData\Local\Temp\nsd6F33.tmp\DeltaTB_2501-c733154b.exe, Quarantined, [9f54da7d8bf09e98108c9c6c42bf0000],
PUP.Optional.Iminent.A, C:\Users\christine\AppData\Local\Temp\nsd6F33.tmp\Iminent_0102-0d89a395.exe, Quarantined, [b53ec097205bd95d6a6d56d851b07c84],
Adware.Tuto4PC, C:\Users\christine\AppData\Local\Temp\nsd6F33.tmp\tuto4pc_FR_1503-c0cf74af.exe, Quarantined, [07ec2e29aad153e3e0bef8f855ab8d73],
PUP.Optional.Conduit.A, C:\Users\christine\AppData\Local\Temp\nskDD85\SpSetup.exe, Quarantined, [aa49a7b0512a59dd63abe99aa061dc24],
PUP.Optional.Dealply, C:\Users\christine\AppData\Local\Temp\is1373634743\dp.exe, Quarantined, [bf34a8af0972ec4aa185e2a1e51fdb25],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsqC4A.exe, Quarantined, [17dc43148dee013560ae22619968837d],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsvD3FC.exe, Quarantined, [23d076e1b6c50a2c7b93790a5da49d63],
PUP.Optional.Freemium.A, C:\Users\christine\Downloads\installer_candy_crush_saga_French.exe, Quarantined, [678c4017b9c2ad898e7826026c95f10f],
PUP.Optional.InstallCore, C:\Users\christine\Downloads\wlsetup-web.exe, Quarantined, [dd16f6618eede2548de3150c52aeda26],
PUP.Optional.SweetIM, C:\Windows\Installer\82fa801.msi, Quarantined, [12e1acabea915cdaf6ed99e9877d8c74],
PUP.Optional.SweetIM, C:\Windows\Installer\82fa807.msi, Quarantined, [51a2fe59dc9f45f1f3f0a6dc73918a76],
PUP.Optional.Superfish.A, C:\Users\christine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [d320da7d83f8a88ebacf6c2731d1a45c],
PUP.Optional.Superfish.A, C:\Users\christine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [7083a2b54f2ceb4b0584fb987a881ee2],

Physical Sectors: 0
(No malicious items detected)


(end)

[kink06]

Bonjour,

ok pour les rapport

• 1)
• Télécharge Junkware Removal Tool (de thisisu) sur ton bureau.
• Lance Junkware Removal Tool, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
• Appuie sur n'importe quelle touche.
  
  
• Une fois le scan terminé rends toi sur le bureau, le fichier JRT.txt à été créé.
• Héberge le rapport JRT.txt surSosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

2)

• Désactive ton antivirus sinon l'outil ne pourra pas travailler convenablement.
• Télécharge Shortcut_Module sur ton bureau.
  
  Note : Enregistrer votre travail avant de continuer !
• Lance Shortcut_Module,
• Clic sur Nettoyer
  
  
  
  Note : Patiente le temps du scan
• Laisse travailler l'outil même s'il te parait bloqué
• Si l'outil détecte un proxy que tu ne connais pas clic sur : "Supprimer le proxy"
• Héberge le rapport C:\Shortcut_Module_date_heure.txt sur https://upload.sosvirus.net/ puis donne le lien obtenu

[Maurice Vassilitch]

Bonjour,

Merci pour votre réponse.

Ci-joint le lien de JRT : https://upload.sosvirus.net/www/?a=d&i=VBqmwclxsU

Et celui de shortcutmodule : https://upload.sosvirus.net/www/?a=d&i=QrVkQbBSef

MV

[kink06]

Bonjour

on va refaire aussi le scan de ADWCleaner et MalwareBytes stp =>

• 1)
• Télécharge Adwcleaner (de Xplode) sur ton Bureau !
• Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista,sinon double-clique pour XP
  1. Choisis l'option Scanner
  2. Choisis l'option Nettoyer
• Accepte l'avertissement en cliquant sur OK
  
  
• Accepte les avertissements/informations en cliquant sur OK
• Copie et Colle le contenu du rapport qui apparaît au redémarrage du PC

======================================================================================================

• 2)
• Télécharge MalwareBytes
• Procède à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium"
• Clic sur Mettre à jour (à droite, au centre)
• Clic sur Examen (en haut)
• Sélectionne Examen "Menaces"
• Clic sur Examiner maintenant
  
  
• A la fin du scan clic sur Tout mettre en quarantaine !
• Clic sur Copier dans le Presse-papiers
• Un rapport va s'ouvrir. Copie/Colle son contenue dans ta prochaine réponse.

==============================================================================================

3)Pour contrôle refais un nouveau scan ZHPDiag
Refais un scan avec ZHPDiag poste ensuite son rapport en lien.

[Maurice Vassilitch]

Hello,

Ci-joint les résultats.

ADWCleaner :

Code: Tout sélectionner

# AdwCleaner v3.211 - Rapport créé le 03/06/2014 à 20:50:26
# Mis à jour le 26/05/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : christine - CHRISTINE-PC
# Exécuté depuis : C:\Users\christine\Downloads\adwcleaner_3.211.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (fr)

[ Fichier : C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

*************************

AdwCleaner[R0].txt - [21748 octets] - [31/05/2014 14:49:57]
AdwCleaner[R1].txt - [1040 octets] - [03/06/2014 20:48:12]
AdwCleaner[S0].txt - [20815 octets] - [31/05/2014 14:51:04]
AdwCleaner[S1].txt - [964 octets] - [03/06/2014 20:50:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1023 octets] ##########

MalewareByte:

Code: Tout sélectionner

Malwarebytes Anti-Malware
https://www.malwarebytes.org

Date de l'examen: 04/06/2014
Heure de l'examen: 06:58:31
Fichier journal: Malewarebyte-04062014.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.06.04.01
Base de données Rootkits: v2014.06.02.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: christine

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 285672
Temps écoulé: 17 min, 28 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 0
(No malicious items detected)

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 0
(No malicious items detected)

Fichiers: 0
(No malicious items detected)

Secteurs physiques: 0
(No malicious items detected)


(end)

ZHPDiag:

Code: Tout sélectionner

~ Rapport de ZHPDiag v2014.5.31.79 - Nicolas Coolman (31/05/2014)
~ Lancé par christine (04/06/2014 17:19:39)
~ Adresse du Site Web https://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Trusteer Sécurité des points d'accès v3.5.1307.76
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4076 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 336 GB (73%) free of 454 GB

---\\ Mode de connexion au système
~ Computer Name: CHRISTINE-PC
~ User Name: christine
~ All Users Names: christine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\christine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\christine\AppData\Roaming\
~ %Desktop% : C:\Users\christine\Desktop\
~ %Favorites% : C:\Users\christine\Favorites\
~ %LocalAppData% : C:\Users\christine\AppData\Local\
~ %StartMenu% : C:\Users\christine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 336 Go of 454 Go)
D: Hard drive, Flash drive, Thumb drive (Free 277 Go of 454 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9713
~ Mes musiques (My Musics) : 13/3852
~ Mes Videos (My Videos) : 1/11
~ Mes Favoris (My Favorites) : 1/50
~ Mes Documents (My Documents) : 1/441
~ Mon Bureau (My Desktop) : 2/45
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 20s



---\\ Processus lancés
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2668]
[MD5.9C63BAEE102BB99BC10D6E56F3AED7BC] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2640152] [PID.2560]
[MD5.CBDE95D1122FC04AF029F2BDE36D9484] - (.ITE Tech. Inc. - ITECIR Filter Application for RCMM Protocol.) -- C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [603752] [PID.3156]
[MD5.D4543C87D3AC0B8A29EBA0B33C165B38] - (.Pas de propriétaire - Time Inspector.) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5676656] [PID.3164]
[MD5.D2BF8B1568789A25CE8889A645499FD8] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [986208] [PID.3620]
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3688]
[MD5.0FC14BE5CF18C16F83011B5ED8CEC445] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912] [PID.3860]
[MD5.02081691225E79F298A36A786C5C869C] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [626792] [PID.3504]
[MD5.193B1D98DCD8FF8D1FCD0F990DC5EDA5] - (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720] [PID.2520]
[MD5.9F96F98409B89C5806F4380867DD48E0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3640]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3888648] [PID.3864]
[MD5.DE93885641D5C4F7EA7563A08137B218] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [311760] [PID.4812]
[MD5.7DC4759F1D9D590B3D1310F7DB43256C] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [101888] [PID.8852]
[MD5.6877258ACB29024D4681BC4FE8B63E8D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.6352]
[MD5.26C5CB49D0FF828BB0FD36FD379B6EBE] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392] [PID.976]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1428]
[MD5.1474F121C3DF1232D3E7239C03691EE6] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 9.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408] [PID.1776]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1888]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1932]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456] [PID.1280]
[MD5.E4693409D06785477A49FB34AFAE1B92] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088] [PID.1496]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1692]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.1828]
[MD5.46F230E8E90237D35F3A28F1BA03AD49] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.4568]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.4416]
[MD5.A93420F6BFBC3DFBB3BE8F5C58DAA2CA] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.5128]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\p2omdrub.default\prefs.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [THXCfg64] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\THXCfg64.dll
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [THX Audio Control Panel] . (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\Windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{46C89CDD-F53A-432A-AA6F-6BF7A2EE9E4B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8390D4D2-EB8B-4D9B-B5BD-DD7E561BAD3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (sasnative64) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tà¢ches planifiées en automatique (O39)
[MD5.03262DB7886A3953BBFC34535FA9C3C8] [APT] [FileAdvisorCheck] (...) -- C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2216616]
[MD5.F15945323AF428B653330E725EB93B7C] [APT] [FileAdvisorUpdate] (.File Type Advisor.) -- C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [3750512]
[MD5.D4543C87D3AC0B8A29EBA0B33C165B38] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5676656]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Candy Crush Saga Packages - (...) [HKCU][64Bits] -- Candy Crush Saga Packages
O42 - Logiciel: File Type Advisor 1.6 - (...) [HKLM][64Bits] -- File Type Advisor_is1
O42 - Logiciel: Time Inspector 1.1 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 48 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FileAdvisor]
[HKCU\Software\IncrediMail]
[HKLM\Software\Wow6432Node\Shortcut_Module]
~ Key Software: 348 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2014 - 07:16:11 - [] ----D C:\Program Files (x86)\File Type Advisor
O43 - CFD: 16/05/2014 - 07:15:39 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 16/05/2014 - 07:17:54 - [] ----D C:\Users\christine\AppData\Roaming\AdvertismentImages
O43 - CFD: 04/06/2014 - 06:52:35 - [0] ----D C:\Users\christine\AppData\Roaming\FileAdvisor
O43 - CFD: 04/06/2014 - 17:19:35 - [] ----D C:\Users\christine\AppData\Roaming\Time Inspector
~ Program Folder: 171 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.133F8F6BE165ADCFBE8A97B75EED19D1] - 01/06/2014 - 21:32:51 ---A- . (...) -- C:\Shortcut_Module_01_06_2014_22_32_51.txt [62998]
O44 - LFC:[MD5.0EF694242F94FB46CA9F18F93A723D50] - 31/05/2014 - 13:46:00 ---A- . (...) -- C:\Windows\IE10_main.log [11753]
~ Files: 17 Legitimates Filtered in 00mn 05s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:11/05/2014 - 18:19:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:30/06/2011 - 07:03:04 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [54784]
O58 - SDL:30/06/2011 - 07:03:02 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [77696]
O58 - SDL:16/04/2013 - 18:34:04 ---A- . (.GFI Software - GFI Boot Time Operations Driver.) -- C:\Windows\System32\Drivers\gfibto.sys [14456]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2010 - 16:57:08 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [69736]
O58 - SDL:22/03/2011 - 14:27:46 ---A- . (.ITE Tech. Inc. - ITECIR Filter Driver.) -- C:\Windows\System32\Drivers\ITECIRfilter.sys [28264]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:18/03/2014 - 07:02:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 82 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2014 - 17:21:29 ---A- . (...) -- C:\Users\christine\Desktop\Shortcut_Module.exe [2562048]
O61 - LFC: 30/05/2014 - 17:21:29 ---A- . (.monAlbumPhoto.) -- C:\Users\christine\Downloads\monAlbumPhoto_Setupalt_3.5(1).exe [25260456]
O61 - LFC: 30/05/2014 - 17:21:29 ---A- . (.monAlbumPhoto.) -- C:\Users\christine\Downloads\monAlbumPhoto_Setupalt_3.5.exe [25260456]
O61 - LFC: 31/05/2014 - 17:21:29 ---A- . (...) -- C:\Users\christine\Downloads\adwcleaner_3.211 (1).exe [1327971]
O61 - LFC: 31/05/2014 - 17:21:29 ---A- . (...) -- C:\Users\christine\Downloads\adwcleaner_3.211.exe [1327971]
~ 20 Fichiers temporaires (Temporary files)
~ 5788 Fichiers cookies (Cookies files)
~ Files: 8 Legitimates Filtered in 00mn 32s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 98 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\Firefox.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.A5537D31A0DD356B28E428F9BEE2B0AA] [SPRF][01/06/2014] (.Pas de propriétaire - Shortcut_Module.) -- C:\Users\christine\Desktop\Shortcut_Module.exe [2562048]
[MD5.C9FA1D6878DBDBCA52CCCB86052A9CC2] [SPRF][29/01/2012] (...) -- C:\Users\christine\Desktop\YeaChess.dll [112640]
[MD5.B3AB80473351024C678AD9DAD700F380] [SPRF][29/01/2012] (.Drazen Beljan - Pas de description.) -- C:\Users\christine\Desktop\YeaChess.exe [57344]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.33492D075AAC7CE1D12E83843F5242C0] [WIS][01/06/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2547bc5.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 12s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 201 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4390 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/05/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 16/05/2014 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 25/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 25/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 30/09/2010 169408 | (AdobeActiveFileMonitor9.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 29/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 11/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
SR - | Auto 27/12/2010 1817088 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SR - | Auto 03/05/2014 1882392 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 22/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by christine at 04/06/2014 17:22:46
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by christine at 04/06/2014 17:22:48
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (31/05/2014)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2547bc5.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 330529 Items scanned in 00mn 29s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
https://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
https://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
~ MSI: 3 link(s) detected in 00mn 00s



~ 812 Legitimates filtered by white list
End of the scan (495 lines in 03mn 38s)(0)

MV

[kink06]

Bonjour,

• Lances ZHPFix, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  
  
  A l'aide de la souris (clic gauche maintenu), sélectionne et copie (clic droit/copier) le contenu de l'encadré ci-dessous
  
  Code : Tout sélectionner

  Script ZHPFix =>
  SysRestore 
  ShortcutFix
  O58 - SDL:18/03/2014 - 07:02:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo
  HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
  HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] 
  [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] 
  O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)   
  O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll 
  O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline   
  O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline 
  [MD5.33492D075AAC7CE1D12E83843F5242C0] [WIS][01/06/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2547bc5.msi [28672] 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS 
  [HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) 
  [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) 
  [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] 
  [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} 
  C:\Windows\Installer\2547bc5.msi 
  [HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) 
  [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) 
  [HKCU\Software\IncrediMail]    
  O44 - LFC:[MD5.0EF694242F94FB46CA9F18F93A723D50] - 31/05/2014 - 13:46:00 ---A- . (...) -- C:\Windows\IE10_main.log [11753]   
  OPT:O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
  OPT:SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
  O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
  EmptyFlash
  EmptyCLSID
  Firewallraz
  EmptyTemp  

  1. Clique sur Importer
  2. Puis Clic sur "GO"
  
  
  
• Confirmes les nettoyages des données en cliquant sur "Oui"
• Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à été crée.
• Héberge le rapport ZHPFixReport sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse.

Pour contrôle refais un nouveau scan ZHPDiag
Refais un scan avec ZHPDiag poste ensuite son rapport en lien.

[kink06]

Bonjour ,

Sans réponse de ta part, je considère le problème comme résolu ,

Il est pourtant très important de suivre une désinfection jusqu'au bout. En effet, même si les symptômes qui t'on amené à demander de l'aide on disparu, ton ordinateur reste toutefois infecté. Tu dois savoir également que notre aide est bénévole, voir ton sujet abandonné sans aucune explication est pour nous un manque de respect. Merci de respecter les personnes qui donnent de leur temps afin de vous aider. Quoiqu'il en soit, nous laissons ton sujet ouvert au cas où tu décides de revenir ... @ Bientôt sur SosVirus.