A7KGEquN.vbs 2013-11-14T13:54:55+00:00
  • dorothea
    Participant
    Posts: 13

    Hello everyone,

    Thanks in advance for your help, or simply for having tried 😉
    I'm coming to you because I no longer really know how to deal with this virus (if it is the only one :D).
    I tried Malwarebytes and it does seem to crash ("program is not responding"); same for UsbFix -_-'

    As for AdwCleaner:

    [spoiler:ead2nz1s]# AdwCleaner v3.012 – Rapport créé le 14/11/2013 à 14:41:02
    # Mis à jour le 11/11/2013 par Xplode
    # Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Nom d'utilisateur : Nayo – PC-DE-NAYO
    # Exécuté depuis : C:UsersNayoDownloadsadwcleaner(1).exe
    # Option : Scanner

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v9.0.8112.16421

    -\ Mozilla Firefox v8.0 (fr)

    [ Fichier : C:UsersNayoAppDataRoamingMozillaFirefoxProfiles47woh48s.defaultprefs.js ]

    -\ Google Chrome v

    [ Fichier : C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [1264 octets] – [14/11/2013 13:01:44]
    AdwCleaner[R1].txt – [1648 octets] – [14/11/2013 13:05:42]
    AdwCleaner[R2].txt – [1276 octets] – [14/11/2013 13:50:30]
    AdwCleaner[R3].txt – [971 octets] – [14/11/2013 14:41:02]
    AdwCleaner[S0].txt – [1328 octets] – [14/11/2013 13:02:55]
    AdwCleaner[S1].txt – [1720 octets] – [14/11/2013 13:09:00]
    AdwCleaner[S2].txt – [1340 octets] – [14/11/2013 13:51:20]

    ########## EOF – C:AdwCleanerAdwCleaner[R3].txt – [1210 octets] ##########[/spoiler:ead2nz1s]

    And for ZHPDiag:

    [spoiler:ead2nz1s]~ Rapport de ZHPDiag v2013.11.13.29 – Nicolas Coolman (12/11/2013)
    ~ Lancé par Nayo (14/11/2013 14:47:55)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    MFIE: Mozilla Firefox 8.0 (Defaut)
    GCIE: Google Chrome v30.0.1599.101

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
    Windows Server License Manager Script : OK
    ~ Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : KRDMH
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300

    —\ Logiciels d'optimisation du système
    CCleaner v3.00 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Java 7 Update 45

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2558 MB (59% free)
    System Restore: Activé (Enable)
    System drive C: has 91 GB (51%) free of 177 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-NAYO
    ~ User Name: Nayo
    ~ All Users Names: UpdatusUser, Nayo, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersNayoAppDataRoamingZHP
    ~ %AppData% : C:UsersNayoAppDataRoaming
    ~ %Desktop% : C:UsersNayoDesktop
    ~ %Favorites% : C:UsersNayoFavorites
    ~ %LocalAppData% : C:UsersNayoAppDataLocal
    ~ %StartMenu% : C:UsersNayoAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 91 Go of 177 Go)
    D: CD-ROM drive (Free 0 Go of 0 Go)
    E: CD-ROM drive (Free 0 Go of 0 Go)
    F: Floppy drive, Flash card reader, USB Key (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: Modified
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
    ~ Security Center: 50 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.D07D4C3038F3578FFCE1C0237F2A1253] – (.Microsoft Corporation – Explorateur Windows.) (.11/04/2009 – 07:27:36.) — C:WindowsExplorer.exe [2926592]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:33:13.) — C:WindowsSystem32Wininit.exe [96768]
    [MD5.1D94FA7C81D2FFE494AF094619BA706F] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.14/12/2011 – 03:57:18.) — C:WindowsSystem32wininet.dll [1127424]
    [MD5.898E7C06A350D4A1A64A9EA264D55452] – (.Microsoft Corporation – Application d'ouverture de session Windows.) (.11/04/2009 – 07:28:13.) — C:WindowsSystem32Winlogon.exe [314368]
    [MD5.3911B972B55FEA0478476B2E777B29FA] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:58:27.) — C:Windowssystem32DriversAFD.sys [273408]
    [MD5.1F05B78AB91C9075565A9D8A4B880BC4] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.11/04/2009 – 07:32:26.) — C:Windowssystem32Driversatapi.sys [19944]
    [MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:33:23.) — C:Windowssystem32DriversCdfs.sys [70144]
    [MD5.6B4BFFB9BECD728097024276430DB314] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.11/04/2009 – 05:39:17.) — C:Windowssystem32DriversCdrom.sys [67072]
    [MD5.622C41A07CA7E6DD91770F50D532CB6C] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:59:03.) — C:Windowssystem32DriversDfsC.sys [75264]
    [MD5.062452B7FFD68C8C042A6261FE8DFF4A] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.11/04/2009 – 05:42:42.) — C:Windowssystem32DriversHDAudBus.sys [561152]
    [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:32:45.) — C:Windowssystem32Driversi8042prt.sys [54784]
    [MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:34:06.) — C:Windowssystem32DriversIpNat.sys [100864]
    [MD5.1E94971C4B446AB2290DEB71D01CF0C2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 14:24:40.) — C:Windowssystem32DriversMRxSmb.sys [106496]
    [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] – (.Microsoft Corporation – MBT Transport driver.) (.11/04/2009 – 05:45:37.) — C:Windowssystem32DriversnetBT.sys [185856]
    [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.11/04/2009 – 07:32:49.) — C:Windowssystem32Driversntfs.sys [1083880]
    [MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.2/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:34:44.) — C:Windowssystem32DriversRasl2tp.sys [76288]
    [MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:32:22.) — C:Windowssystem32Driversrdpdr.sys [248832]
    [MD5.7B75299A4D201D6A6533603D6914AB04] – (.Microsoft Corporation – SMB Transport driver.) (.11/04/2009 – 05:45:22.) — C:Windowssystem32Driverssmb.sys [66560]
    [MD5.76B06EB8A01FC8624D699E7045303E54] – (.Microsoft Corporation – TDI Translation Driver.) (.11/04/2009 – 05:45:56.) — C:Windowssystem32Driverstdx.sys [72192]
    [MD5.147281C01FCB1DF9252DE2A10D5E7093] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.11/04/2009 – 07:32:55.) — C:Windowssystem32Driversvolsnap.sys [226280]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/7
    ~ Mes musiques (My Musics) : 1/2
    ~ Mes Videos (My Videos) : 1/9
    ~ Mes Favoris (My Favorites) : 1/23
    ~ Mes Documents (My Documents) : 2/1879
    ~ Mon Bureau (My Desktop) : 3/1754
    ~ Menu demarrer (Programs) : 0/61
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    [MD5.12F5EF4C135EED92126471426E7D7DBC] – (.LogMeIn Inc. – Hamachi Client Application.) — C:Program FilesLogMeIn Hamachihamachi-2-ui.exe [2349392] [PID.2916]
    [MD5.04DB1E60FBFB9A77AF16238A209C2CDD] – (.NVIDIA Corporation – NVIDIA Settings.) — C:Program FilesNVIDIA CorporationDisplaynvtray.exe [373864] [PID.3300]
    [MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] – (.Microsoft Corporation – GrooveMonitor Utility.) — C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe [30040] [PID.3320]
    [MD5.6E7864615969FF2FA56B354E7F0C093D] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe [3521424] [PID.3328]
    [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [254336] [PID.3336]
    [MD5.1259E03DCD5F265B23DB738FB075DF8C] – (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32wscript.exe [155648] [PID.3356]
    [MD5.F4158E8EED7ED7AB0727F54DCDC1FF89] – (.Pas de propriétaire – KiesPDLR.) — C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe [21392] [PID.3388]
    [MD5.BCBF4039D1234E59388C364E5E30AD31] – (.FreeVoipDeal – Client to make VoIP calls..) — C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe [19614536] [PID.3396]
    [MD5.4CB4054659ABEEEF925B153E2290E634] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [924632] [PID.3848]
    [MD5.FD67E2C52F62995C3CF1D6D720EEB66F] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program FilesMozilla Firefoxplugin-container.exe [16856] [PID.2792]
    [MD5.705FD70F8FF19A91F51F40D395C5FA05] – (.Java (TM) – Java (TM).) — C:windowsIntel(TM)7z.exe [24675532] [PID.2820]
    [MD5.65C05CC168F30145E893641A4C4167C8] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8214016] [PID.4692]
    [MD5.6080A176D09435FC8E6E800996656E18] – (.Microsoft Corporation – Console IME.) — C:Windowssystem32conime.exe [69120] [PID.5980]
    [MD5.7C732AFF202DCD06C3D262966D71604C] – (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 275.3.) — C:Windowssystem32nvvsvc.exe [615528] [PID.900]
    [MD5.862BB4CBC05D80C5B45BE430E5EF872F] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [3408896] [PID.1280]
    [MD5.3D36332478EF0026439D8AD4471E800C] – (.NVIDIA Corporation – NVIDIA User Experience Driver Component.) — C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe [839272] [PID.1392]
    [MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] – (…) — C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe [124832] [PID.732]
    [MD5.EAD65493EDBA0EBEA2192D46B938298E] – (.Autodesk – System Level Service Utility.) — C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe [79360] [PID.1916]
    [MD5.E9EFCB47B90FD5498695BB7FEFD36CAE] – (.Seiko Epson Corporation – Epson Scanner Service (32bit).) — C:Windowssystem32EscSvc.exe [122000] [PID.284]
    [MD5.B11671AF7E1E13F373B903E1725BEC31] – (.Packard Bell Services – HID Service Vista compliant.) — C:Windowssystem32HidService.exe [83264] [PID.2120]
    [MD5.E7BF96BC4C766C2A30D0733CBFEEC438] – (.LogMeIn, Inc. – LMIGuardianSvc.) — C:Program FilesLogMeIn HamachiLMIGuardianSvc.exe [375056] [PID.2152]
    [MD5.AA0C4A2C33CE075DF2C272D678734991] – (…) — C:Program FilesAutodesk3ds Max 2009mentalraysatelliteraysat_3dsMax2009_32server.exe [65536] [PID.2200]
    [MD5.40D7D0A208EE863BCA8D89E299216F15] – (.Nero AG – Nero BackItUp.) — C:Program FilesNeroNero8Nero BackItUpNBService.exe [877864] [PID.2216]
    [MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] – (.Prolific Technology Inc. – PLFlash DeviceIoControl Service.) — C:Windowssystem32IoctlSvc.exe [81920] [PID.2264]
    [MD5.A1DD33D16F277CE34124EE52AB2C0F14] – (…) — C:Windowssystem32PnkBstrA.exe [75064] [PID.2288]
    [MD5.10DD27FE05A03FED8028A946A76FAC50] – (.LogMeIn Inc. – Hamachi Client Tunneling Engine.) — C:Program FilesLogMeIn Hamachihamachi-2.exe [1616208] [PID.2504]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376] [PID.3068]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512] [PID.3084]
    [MD5.DCF3E3EDF5109EE8BC02FE6E1F045795] – (.Microsoft Corporation – wpffontcache_v0400.exe.) — C:WindowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [753504] [PID.3684]
    [MD5.262D2FBF211A88DCB84249DF0F6EF6E7] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program FilesNVIDIA CorporationNVIDIA Updatusdaemonu.exe [2214504] [PID.2664]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://www.google.com
    G2 – GCE: Preference [User DataDefault] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.2.1.4 (Activé) =>PUP.Funmoods
    G2 – GCE: Preference [User DataDefault] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.9.4.1.1 (Activé) =>Adware.SearchYa
    G2 – GCE: Preference [User DataDefault] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.5.3.0 (Activé) =>PUP.DealPly
    G2 – GCE: Preference [User DataDefault] [mamnihopcnbfnbfnnneplcohmnkkpipb] Illimitux v.1.0 (Désactivé)
    ~ Google Browser: 13 Legitimates Filtered in 00mn 16s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersNayoAppDataRoamingMozillaFirefoxProfiles47woh48s.defaultprefs.js
    M3 – MFPP: Plugins – [Nayo] — C:Program FilesMozilla FireFoxsearchpluginsMediaDICO-fr.xml
    M2 – MFEP: prefs.js [Nayo – 47woh48s.default49ffxtbr-bs@UtilityChest_49.com] [] Utility Chest v1.2 (..) =>Adware.MyWebSearch
    P2 – FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] – (…) — C:Program FilesDivXDivX Plus Web Playernpdivx32.dll (.not file.)
    P2 – FPN: [HKLM] [@UtilityChest_49.com/Plugin] – (…) — C:Program FilesUtilityChest_49bar1.binNP49Stub.dll (.not file.) =>Adware.MyWebSearch
    ~ Firefox Browser: 45 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. – EPSON Scan.) — C:Windowstwain_32escndvescndv.exe
    O4 – GSDesktop [Public]: JoinMe_For_Android.lnk . (…) — C:Program FilesZTEJoinMe_For_AndroidJoin Me.exe
    O4 – GSDesktop [Public]: Wondershare Data Recovery.lnk . (…) — C:Program FilesWondershareData RecoveryDataRecovery.exe
    O4 – GSProgram [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation – Windows 7 Upgrade Advisor.) — C:Program FilesMicrosoft Windows 7 Upgrade AdvisorWindowsUpgradeAdvisor.exe
    O4 – GSProgram [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program FilesEasyBits For KidsezSecShield.exe =>.EasyBits Software AS
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSDesktop [UpdatusUser]: logiciel de mise à jour mobile.lnk . (.ZTE – ZTE Self-help Serve System.) — C:Program FilesZTE update toolZTE_Dous.exe
    O4 – GSQuickLaunch [Nayo]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:UsersNayoAppDataLocalGoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Nayo]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Nayo]: GameRanger.lnk . (…) — C:UsersNayoAppDataRoamingGameRangerGameRangerGameRanger.exe (.not file.)
    O4 – GSProgram [Nayo]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSProgram [Nayo]: Jouer (EasyBits GO).lnk . (.EasyBits Software AS – Game Organizer.) — C:ProgramDataEasybits GOEasyBitsGO.exe =>.EasyBits Software AS
    O4 – GSSystemTools [Nayo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSDesktop [Nayo]: AnumanLive.lnk . (…) — C:UsersNayoAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe (.not file.)
    O4 – GSDesktop [Nayo]: BSmax Script [7.2].lnk . (.mIRC Co. Ltd. – mIRC.) — C:Program FilesBSmaxScript[7.2]mirc.exe
    O4 – GSDesktop [Nayo]: FreeVoipDeal.lnk . (.FreeVoipDeal – Client to make VoIP calls..) — C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe
    O4 – GSDesktop [Nayo]: La Culture Générale pour Les Nuls.lnk . (.Adobe Systems, Inc. – Adobe Flash Player 9.0 r45.) — C:Program FilesAnuman interactiveLa Culture Générale pour Les NulsCultureGenerale.exe
    O4 – GSDesktop [Nayo]: logiciel de mise à jour mobile.lnk . (.ZTE – ZTE Self-help Serve System.) — C:Program FilesZTE update toolZTE_Dous.exe
    O4 – GSDesktop [Nayo]: ZTE Mise à jour en ligne du logiciel mobile.lnk . (.ZTE – ZTE Self-help Serve System.) — C:Program FilesZTE update toolZTE_Dous.exe
    ~ Global Startup: 67 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Nayo]: i7i9VclD.lnk . (.Java (TM) – Java (TM).) — C:UsersPublicIntel(R)Graph.exe
    O4 – HKLM..Run: [GrooveMonitor] . (.Microsoft Corporation – GrooveMonitor Utility.) — C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
    O4 – HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. – Hamachi Client Application.) — C:Program FilesLogMeIn Hamachihamachi-2-ui.exe
    O4 – HKLM..Run: [A7KGEquN] . (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKLM..Run: [Intel(TM)7z] . (.Java (TM) – Java (TM).) — C:windowsIntel(TM)7z.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersNayoAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKiesHelper.exe
    O4 – HKCU..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKCU..Run: [FreeVoipDeal] . (.FreeVoipDeal – Client to make VoIP calls..) — C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe
    O4 – HKCU..Run: [A7KGEquN] . (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:UsersNayoAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [KiesHelper] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKiesHelper.exe
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [KiesPDLR] . (.Pas de propriétaire – KiesPDLR.) — C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [FreeVoipDeal] . (.FreeVoipDeal – Client to make VoIP calls..) — C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe
    O4 – HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [A7KGEquN] . (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Site dans la Zone de confiance d'Internet Explorer (O15)
    O15 – Trusted Zone: [HKCU…Domains] *.chat-land.com =>Hijacker.ChercheUS
    O15 – Trusted Zone: [HKCU…Domains] *.chat-land.net =>Hijacker.ChercheUS
    O15 – Trusted Zone: [HKCU…Domains] *.search-web.net
    ~ IE Zone Confiance: Scanned in 00mn 01s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3D6D1277-DCAB-487E-B166-BBDBA2FE0B59}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCCSServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpDomain = lan
    O17 – HKLMSystemCS1ServicesTcpip..{3D6D1277-DCAB-487E-B166-BBDBA2FE0B59}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpDomain = lan
    O17 – HKLMSystemCS2ServicesTcpip..{3D6D1277-DCAB-487E-B166-BBDBA2FE0B59}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS2ServicesTcpip..{C7A09133-F961-450F-858E-E652570070DE}: DhcpDomain = lan
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l'interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Utility ChestService (UtilityChest_49Service) . (…) – C:Program FilesUTILIT~2bar1.bin49barsvc.exe (.not file.) =>Adware.MyWebSearch
    O23 – Service: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp. – FCL Driver.) – C:Program FilesCyberLinkPlayMovie00.fcl
    ~ Services: 17 Legitimates Filtered in 00mn 06s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:WindowsWebWallpaperimg2.jpg
    O24 – Desktop General: WallPaper – .(…) – C:WindowsWebWallpaperimg2.jpg
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (…) — C:Program FilesLavasoftAd-AwareAd-AwareAdmin.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{113A9899-6CEC-4158-81ED-62A0D11E5D35}] (…) — C:UsersNayoAppDataLocalTempPacSteamT_-_060708_+_MAJ_050209_FR_+_tutorielPacSteamT-060708.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{119F5467-E0AC-402E-B33F-4DC6C3072A71}] (…) — C:UsersNayoDownloadsNimbus.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{3D7D85D7-ACCF-4F57-8650-FA7C4EEBA856}] (…) — C:UsersNayoDownloadsmyboxscript.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{43F0FBA4-2E7E-422C-9532-E8CFF1B3911A}] (…) — C:Program FilesNoteWorthy Composer 2 ViewerUninstall.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{449384B0-ED1F-4F87-8F41-0419AE858F0D}] (…) — C:UsersNayoDownloadsxchat-2.8.7f.exe (.not file.) [0]
    [MD5.5AC917B24060CCAB0D8A46147A432AA8] [APT] [{4E6424EB-C1FE-4E20-B65B-1BDFE3BF5F05}] (…) — C:Program FilesZTE update toolInstallMCCI.exe [36864]
    [MD5.00000000000000000000000000000000] [APT] [{4E6CEA81-59DC-45A6-965D-5A61D2FED488}] (…) — C:UsersNayoDownloadsWolfET.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{59A42D4C-568E-412D-BC25-24CB07350016}] (…) — C:UsersNayoDownloadsET_Ultimate_Installer_1.6_beta.exe (.not file.) [0]
    [MD5.4C8294B4D5A94E997E9BD0AF31801D30] [APT] [{81D48A63-2F7C-4007-8208-7A4831CE6285}] (…) — C:UsersNayoDocumentsxchat-1xchat-2.8.7e.exe [992872]
    [MD5.00000000000000000000000000000000] [APT] [{A27A83F8-1683-48C1-BF4F-81C47D474F8B}] (…) — C:Program FilesAGIcore4.2.0.10753InstallerGUI.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{A9D78D33-D511-4B71-B9BE-0918D4CD4169}] (…) — C:UsersNayoAppDataLocalTempTemp1_GeForce_3D_Vision_CD_v1.08_WinVista_int.zipGeForce_3D_Vision_CD_v1.08_intLaunch.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{BA39D9D6-A3FB-47BE-B950-C76E09D6837B}] (…) — C:UsersNayoDownloadsMyWebFaceSetup2.3.50.49.GRfox000.exe (.not file.) [0] =>PUP.MyWebFace
    [MD5.00000000000000000000000000000000] [APT] [{C95B71A5-FAFD-43B1-A96A-1E422D1FC475}] (…) — C:UsersNayoDownloads15.49_nforce_winvista_win7_32bit_international_whql.exe (.not file.) [0]
    [MD5.5ED3408AFDA2DFD77AEA4851E7CDF58F] [APT] [{CC794B50-B279-4CF0-9DF1-D706AD7D6BB6}] (…) — C:ACERPreloadAutorunDRVHauppauge TV Tuner Win-TV HVR-1200SoftMCE_Setup.exe [2315265]
    [MD5.3642E638EBA8C0B0B229BE83B9E1629A] [APT] [{FFC8B658-6F4E-49BD-83F0-450E513DB7E6}] (…) — C:Program FilesaomfdpAge of Mythologyaom10to110_JeuxVideo.com_7923.exe [8276752]
    ~ Scheduled Task: 33 Legitimates Filtered in 00mn 02s

    —\ Logiciels installés (O42)
    O42 – Logiciel: AlfascriptV2.58 – (…) [HKLM] — AlfascriptV2.58
    O42 – Logiciel: BSmaxScript 7.2 – (…) [HKCU] — BSmaxScript 7.2
    O42 – Logiciel: GR 1.2 Patch by Omega – (.Cult of Omega.) [HKLM] — {632E3B86-F090-4340-B75C-DB2CFD6E12ED}
    O42 – Logiciel: Game Scanner – (.GameScanner.) [HKLM] — {4D737C75-ECA3-49A1-BF2F-C8826BAF3CDE}
    O42 – Logiciel: Nimbus – (…) [HKLM] — {96A667E0-2626-11D6-B337-00B0D05FF2C4}
    ~ Logic: 120 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareShunra]
    [HKLMSoftware685D6D1C-D73A-4F37-B7E5E53660311DDB]
    [HKLMSoftwareCA561A]
    [HKLMSoftwareSpeedTouch]
    ~ Key Software: 289 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 21/10/2013 – 11:45:34 – [2,022] —-D C:Program FilesAlfascriptV2.58
    O43 – CFD: 20/06/2010 – 00:11:19 – [1336,266] —-D C:Program Filesaomfdp
    O43 – CFD: 11/01/2013 – 20:32:57 – [50,287] —-D C:Program FilesBSmaxScript[7.2]
    O43 – CFD: 6/06/2009 – 20:03:38 – [3,610] —-D C:Program FilesGameScanner
    O43 – CFD: 1/11/2009 – 15:04:00 – [7,412] —-D C:Program FilesGoa
    O43 – CFD: 28/08/2010 – 15:03:38 – [1,607] —-D C:Program Filesmirc6.34
    O43 – CFD: 1/08/2010 – 13:29:24 – [3,282] —-D C:Program Filesmirc6.35
    O43 – CFD: 17/07/2011 – 19:10:16 – [0,179] —-D C:Program FilesShunra
    O43 – CFD: 6/06/2009 – 20:03:53 – [0] —-D C:ProgramDataGameScanner
    O43 – CFD: 4/02/2010 – 20:31:02 – [25,094] —-D C:ProgramData{66E2F539-12B6-4870-A500-7689CDE75C5E}
    O43 – CFD: 6/06/2009 – 20:03:59 – [0,161] —-D C:UsersNayoAppDataRoamingGameScanner
    O43 – CFD: 20/11/2011 – 19:59:18 – [0,003] —-D C:UsersNayoAppDataRoamingNoNameScript
    O43 – CFD: 22/07/2009 – 21:21:20 – [0] —-D C:UsersNayoAppDataRoamingMicrosoftWindowsStart MenuProgramsAlfascriptV2.58
    O43 – CFD: 6/06/2009 – 20:03:41 – [0,004] —-D C:UsersNayoAppDataRoamingMicrosoftWindowsStart MenuProgramsGameScanner
    O43 – CFD: 1/08/2010 – 22:22:31 – [0,008] —-D C:UsersNayoAppDataRoamingMicrosoftWindowsStart MenuProgramsNoNameScript
    ~ Program Folder: 266 Legitimates Filtered in 01mn 19s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.F82D59C9F827F76A1F08E1D87EA42B6F] – 14/11/2013 – 13:00:55 —A- . (…) — C:DelFix.txt [1762]
    O44 – LFC:[MD5.74D67E671B78B2CA472AEF616E51879F] – 14/11/2013 – 14:24:39 —A- . (…) — C:Windowsntbtlog.txt [895370]
    O44 – LFC:[MD5.D8E85C048E4FE7C711876D28279A5B58] – 14/11/2013 – 14:44:16 —A- . (…) — C:WindowspLsd.dat [480990]
    ~ Files: 15 Legitimates Filtered in 00mn 03s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.F117C71ABA1E59365A608D03965279E3] – 14/11/2013 – 00:02:44 —A- – C:WindowsPrefetchGETPOPUPINFO.EXE-29F941BC.pf
    O45 – LFCP:[MD5.16FB822DD0328B7D51F4871301E28136] – 21/10/2013 – 10:51:23 —A- – C:WindowsPrefetchSETUPFREEVOIPDEAL.TMP-AEDDF0D5.pf
    O45 – LFCP:[MD5.E682B8D26DD03AC35F1053EC194F42CD] – 21/10/2013 – 10:51:25 —A- – C:WindowsPrefetchSETUPFREEVOIPDEAL.EXE-DB5BD0F2.pf
    O45 – LFCP:[MD5.272BF680DB31D4522863CF4D0998366F] – 21/10/2013 – 10:51:26 —A- – C:WindowsPrefetchSETUPFREEVOIPDEAL.TMP-231241BE.pf
    O45 – LFCP:[MD5.E31DC8CC2186C26058FC8BFB55211A5E] – 21/10/2013 – 11:38:09 —A- – C:WindowsPrefetchHDWWIZ.EXE-AA21B149.pf
    O45 – LFCP:[MD5.38C053F418D4E245604F1685DF58F66B] – 21/10/2013 – 11:39:44 —A- – C:WindowsPrefetchFUNMOODSSRV.EXE-A96A5AC7.pf =>PUP.Funmoods
    O45 – LFCP:[MD5.AEC8A098B1846589DB7F53B15E2576D1] – 21/10/2013 – 11:45:54 —A- – C:WindowsPrefetchUCHATLAND.EXE-864D8B00.pf
    O45 – LFCP:[MD5.B861367E7EBD7F0C2DB4CF52A2882885] – 21/10/2013 – 11:46:23 —A- – C:WindowsPrefetch_IU14D2N.TMP-CD6E136D.pf
    O45 – LFCP:[MD5.6B169548038AF04BD36A75EA4536578F] – 21/10/2013 – 11:58:53 —A- – C:WindowsPrefetchFREEVOIPDEAL.EXE-85F5B5BD.pf
    O45 – LFCP:[MD5.8B79BB4C78E2C98760017CA2A99E1222] – 5/11/2013 – 15:33:57 —A- – C:WindowsPrefetch30.0.1599.101_30.0.1599.69_CH-7E20DB33.pf
    ~ Prefetcher: 97 Legitimates Filtered in 00mn 00s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – EasyBits Security Shield Hook – prevents launching insecure programs by kids – {E54729E8-BB3D-4270-9D49-7389EA579090} – C:Windowssystem32EZUPBH~1.DLL
    O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{1fb0b6f6-534c-11de-984f-002511090558}AutoRuncommand. (…) — E:LaunchU3.exe
    O51 – MPSK:{37b03eaa-f36c-11e1-97b6-806e6f6e6963}AutoRuncommand. (…) — E:Autorun.exe (.not file.)
    O51 – MPSK:{c2315550-e35a-11de-978f-002511090558}AutoRuncommand. (…) — E:USBAutoRun.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregFreeCall [Key] . (…) — C:Program FilesFreeCall.comFreeCallfreecall.exe (.not file.)
    O53 – SMSR:HKLM…startupregRaptr [Key] . (…) — C:Program FilesRaptrraptrstub.exe (.not file.)
    O53 – SMSR:HKLM…startupregTkBellExe [Key] . (…) — C:Program FilesCommon FilesRealUpdate_OBrealsched.exe (.not file.)
    ~ SMSR Keys: 29 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 19 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoLogoff”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “HonorAutoRunSetting”=0
    O56 – MWPE:[HKLM…policiesExplorer] – “HonorAutoRunSetting”=0
    ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.8E8DC22528E88C5FA1AF22A69A8CF1BE] – 17/07/2011 – 19:01:59 —A- . (…) — C:WindowsSystem32Driversbcim.sys [226560]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 2/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    ~ Drivers: 19 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 14/11/2013 – 14:50:06 R–A- . (…) — C:UsersNayoAppDataLocalGoogleChromeTempsource3732_22301chrome.7z [593511]
    O61 – LFC: 14/11/2013 – 14:50:13 —A- . (…) — C:UsersNayoAppDataRoamingZHPLog.txt [20096] =>.Nicolas Coolman
    O61 – LFC: 14/11/2013 – 14:50:13 —A- . (…) — C:UsersNayoAppDataRoamingZHPTestsZHPDiag.txt [2795] =>.Nicolas Coolman
    O61 – LFC: 14/11/2013 – 14:50:13 —A- . (…) — C:UsersNayoDownloadsadwcleaner(1).exe [1085542]
    O61 – LFC: 14/11/2013 – 14:50:13 —A- . (…) — C:UsersNayoDownloadsadwcleaner.exe [1085542]
    O61 – LFC: 14/11/2013 – 14:50:14 . (…) — C:UsersNayoDownloadsRogueKiller(2).exe [3679744]
    O61 – LFC: 14/11/2013 – 14:50:14 —A- . (…) — C:UsersNayoDownloadsRogueKiller.exe [3679744]
    ~ 8 Fichiers temporaires (Temporary files)
    ~ Files: 29 Legitimates Filtered in 00mn 08s

    —\ Fichiers Alternate Data Stream (ADS) (O62)
    O62 – ADS:Alternate Data Stream File – C:WindowsSystem32SpoonUninstall.exe:Zone.Identifier
    ~ ADS: Scanned in 00mn 01s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersNayoAppDataLocalGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (Funmoods) – http://start.funmoods.com =>PUP.Funmoods
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {1268B448-035D-480D-AFD0-BE815B459530} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {281DE0E1-8F33-F678-0E02-1679D40FC472} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les fichiers Crack & Keygen (CKF) (O82)
    C:Autodesk.3ds.Max.2009.32bit.64bitAutodesk.3ds.Max.2009.32bit.64bit3dsMax2009.Keygen64bitXF-MAX2k9-64bit-KG.exe
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.exe
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.reg
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATmirc717.exe
    C:Autodesk.3ds.Max.2009.32bit.64bitAutodesk.3ds.Max.2009.32bit.64bit3dsMax2009.Keygen64bitXF-MAX2k9-64bit-KG.exe
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.exe
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.reg
    C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATmirc717.exe
    ~ Files: Scanned in 00mn 23s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: ydtgrsts (ydtgrsts) . (…) — C:Windowssystem32ddzvsgh.dll [0]
    ~ Services: 33 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.277A317C4B5F4ABDBDED2594C957122E] [SPRF][9/05/2010] (…) — C:ProgramDataezsid.dat [32]
    [MD5.E86A99342EE8EE479AF972F7BBB94CBA] [SPRF][30/04/2010] (…) — C:ProgramDataqGF5Un4w.dat [112]
    [MD5.125E207E0272498ED027DA756738958E] [SPRF][7/06/2013] (…) — C:UsersNayoAppDataLocald3d9caps.dat [1356]
    [MD5.705FD70F8FF19A91F51F40D395C5FA05] [SPRF][2/10/2013] (.Java (TM) – Java (TM).) — C:UsersNayoAppDataLocalIntel(TM)7z.exe [24675532]
    [MD5.ED92900BF225E26A4E54C2C14FA1424F] [SPRF][9/09/2011] (.Ask.com – AskIC Dynamic Link Library.) — C:UsersNayoAppDataLocalTempAskSLib.dll [246440]
    [MD5.985798A255262E4AC1B0F663EFCC32A1] [SPRF][5/02/2010] (…) — C:UsersNayoAppDataRoamingwklnhst.dat [1092]
    [MD5.142B6367A1086C43767AD366E9498387] [SPRF][7/06/2009] (…) — C:UsersNayoDesktopETMinimizer.exe [13824]
    ~ Files: 18 Legitimates Filtered in 00mn 01s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{8C343241-0EFE-4BBE-B4C8-E81808FF2FD6}C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe” |In – Public – P6 – TRUE | .(…) — C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe (.not file.)
    O87 – FAEL: “UDP Query User{3E62566C-1EC4-4E07-8DD8-B843DFFF0C41}C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe” |In – Public – P17 – TRUE | .(…) — C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe (.not file.)
    O87 – FAEL: “TCP Query User{DEB4FBD0-668B-42F2-8189-EE14BFDE0C4F}C:program filesalfascriptv2.58mirc.exe” |In – Public – P6 – TRUE | .(…) — C:program filesalfascriptv2.58mirc.exe (.not file.)
    O87 – FAEL: “UDP Query User{F871B6EA-E53D-4FD6-8126-7BC6C03F85E4}C:program filesalfascriptv2.58mirc.exe” |In – Public – P17 – TRUE | .(…) — C:program filesalfascriptv2.58mirc.exe (.not file.)
    O87 – FAEL: “TCP Query User{E79A7883-2249-42A0-83F7-B3ED54F2E8FC}C:program filesalfascriptv2.58mirc.exe” |In – Private – P6 – TRUE | .(…) — C:program filesalfascriptv2.58mirc.exe (.not file.)
    O87 – FAEL: “UDP Query User{07DD1065-9860-4BEC-98BF-AB173CD011B4}C:program filesalfascriptv2.58mirc.exe” |In – Private – P17 – TRUE | .(…) — C:program filesalfascriptv2.58mirc.exe (.not file.)
    O87 – FAEL: “TCP Query User{575C01F9-2D3A-4EDB-978C-554A778566B7}C:program filesamsnbinwish.exe” |In – Private – P6 – TRUE | .(…) — C:program filesamsnbinwish.exe (.not file.)
    O87 – FAEL: “UDP Query User{ADEBE432-C422-4A34-B0B6-EE2CB3885F19}C:program filesamsnbinwish.exe” |In – Private – P17 – TRUE | .(…) — C:program filesamsnbinwish.exe (.not file.)
    O87 – FAEL: “TCP Query User{E503890A-0D59-45A7-AAF6-94109A3A7279}C:usersnayoappdataroaminggamerangergamerangergameranger.exe” |In – Public – P6 – TRUE | .(…) — C:usersnayoappdataroaminggamerangergamerangergameranger.exe (.not file.)
    O87 – FAEL: “UDP Query User{93D6EDE2-569B-442F-A331-DCB3CB668019}C:usersnayoappdataroaminggamerangergamerangergameranger.exe” |In – Public – P17 – TRUE | .(…) — C:usersnayoappdataroaminggamerangergamerangergameranger.exe (.not file.)
    O87 – FAEL: “TCP Query User{1B221AC2-AE64-4293-9EB3-04C29D277D96}C:program filesamsnbinwish.exe” |In – Public – P6 – TRUE | .(…) — C:program filesamsnbinwish.exe (.not file.)
    O87 – FAEL: “UDP Query User{8CC650F0-0B01-4F00-BEC3-BD0A33E6EC22}C:program filesamsnbinwish.exe” |In – Public – P17 – TRUE | .(…) — C:program filesamsnbinwish.exe (.not file.)
    O87 – FAEL: “TCP Query User{82EF3A32-3366-4E12-A8F5-680FC5EE864E}C:program filesx-chat 2xchat.exe” |In – Private – P6 – TRUE | .(…) — C:program filesx-chat 2xchat.exe (.not file.)
    O87 – FAEL: “UDP Query User{05E9C293-22E1-4716-893C-85B638F85443}C:program filesx-chat 2xchat.exe” |In – Private – P17 – TRUE | .(…) — C:program filesx-chat 2xchat.exe (.not file.)
    O87 – FAEL: “TCP Query User{D18AE2C0-5DFF-4437-841F-EC2829A2A7B7}C:program filesx-chat 2xchat.exe” |In – Public – P6 – TRUE | .(…) — C:program filesx-chat 2xchat.exe (.not file.)
    O87 – FAEL: “UDP Query User{4D097E3B-261F-487F-B85A-16950919300F}C:program filesx-chat 2xchat.exe” |In – Public – P17 – TRUE | .(…) — C:program filesx-chat 2xchat.exe (.not file.)
    O87 – FAEL: “TCP Query User{78C999DA-37E0-4103-9446-16B98DC2F575}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe” | In – Public – P6 – TRUE | .(.FreeVoipDeal.) — C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe
    O87 – FAEL: “UDP Query User{527C9450-B21A-41F8-BEEC-64BA290D9BE7}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe” | In – Public – P17 – TRUE | .(.FreeVoipDeal.) — C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe
    ~ Firewall: 316 Legitimates Filtered in 00mn 01s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “E0710AC8E9E65A34EAF1588A82028B74” . (.FreeCompressor.) — C:WindowsInstaller{8CA0170E-6E9E-43A5-AE1F-85A82820B847}ARPPRODUCTICON.exe
    ~ Update Products: 94 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.93D9EEBCFD18DFFBDB7F0724F313831C] [WIS][23/01/2010] (.Secure Digital Services – FreeCompressor.) — C:WindowsInstaller2dcc058.msi [2442240] =>Adware.SPointer
    [MD5.6C29BB0F5777FC8374E822C5566FD892] [WIS][15/02/2010] (.Valve Corporation – Steam.) — C:WindowsInstaller85c1de.msi [1094144]
    [MD5.FFFA6B5669E0FA40B3E8D9EBAD9B0447] [WIS][2/11/2010] (.Cult of Omega – GR 1.2 Patch by Omega.) — C:WindowsInstallerdc7dbe.msi [227328]
    ~ WIS: 97 Legitimates Filtered in 00mn 07s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SR – | Auto 11/09/2007 124832 | (AdobeActiveFileMonitor6.0) . (…) – C:Program FilesAdobePhotoshop Elements 6.0PhotoshopElementsFileAgent.exe
    SS – | Demand 9/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 31/07/2009 79360 | (Autodesk Licensing Service) . (.Autodesk.) – C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
    SR – | Auto 11/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) – C:Windowssystem32EscSvc.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
    SS – | Demand 15/12/2009 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SR – | Auto 29/05/2008 83264 | (GenericHidService) . (.Packard Bell Services.) – C:WindowsSystem32HidService.exe
    SS – | Demand 10/07/1658 0 | (getPlus(R) Helper) . (…) – C:Program FilesNOSbingetPlus_HelperSvc.exe
    SS – | Demand 10/07/1658 0 | (GoogleDesktopManager-110309-193829) . (…) – C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    SS – | Auto 16/02/2010 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/02/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SR – | Auto 11/11/2013 1616208 | (Hamachi2Svc) . (.LogMeIn Inc..) – C:Program FilesLogMeIn Hamachihamachi-2.exe
    SR – | Auto 11/10/2013 375056 | (LMIGuardianSvc) . (.LogMeIn, Inc..) – C:Program FilesLogMeIn HamachiLMIGuardianSvc.exe
    SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 9/03/2008 65536 | (mi-raysat_3dsMax2009_32) . (…) – C:Program FilesAutodesk3ds Max 2009mentalraysatelliteraysat_3dsMax2009_32server.exe
    SR – | Auto 18/02/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) – C:Program FilesNeroNero8Nero BackItUpNBService.exe
    SS – | Demand 28/04/2008 529704 | (NMIndexingService) . (.Nero AG.) – C:Program FilesCommon FilesNeroLibNMIndexingService.exe
    SS – | Demand 23/09/2009 3429200 | (npggsvc) . (.INCA Internet Co., Ltd..) – C:Windowssystem32GameMon.des
    SR – | Auto 21/05/2011 615528 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 21/05/2011 2214504 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNVIDIA Updatusdaemonu.exe
    SR – | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) – C:Windowssystem32IoctlSvc.exe
    SR – | Auto 20/09/2009 75064 | (PnkBstrA) . (…) – C:Windowssystem32PnkBstrA.exe
    SR – | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) – C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
    SS – | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Demand 14/10/2011 419624 | (Steam Client Service) . (.Valve Corporation.) – C:Program FilesCommon FilesSteamSteamService.exe
    SS – | Auto 10/07/1658 0 | (UtilityChest_49Service) . (…) – C:Program FilesUTILIT~2bar1.bin49barsvc.exe =>Adware.MyWebSearch
    SS – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 31/03/2008 41456 | ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) . (.Cyberlink Corp..) – C:Program FilesCyberLinkPlayMovie00.fcl
    ~ Services: Scanned in 00mn 08s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Nayo at 14/11/2013 14:50:58

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12994 – (12/11/2013)
    Clés trouvées (Keys found) : 14
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 4
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareGoogleChromeExtensionsbbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
    [HKLMSoftwareGoogleChromeExtensionscjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
    [HKLMSoftwareGoogleChromeExtensionsgaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
    [HKLMSYSTEMCurrentControlSetServicesUtilityChest_49Service] =>Adware.MyWebSearch^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheVuze_Remote Toolbar] =>Toolbar.Conduit
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components1B812BD0725DF36459D5BA985C9193C4] =>PUP.Kiwee
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components2514EB7147619DA498D025C07B3421DD] =>PUP.Kiwee
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components73962F57F2FA32C43A431C9C05459330] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB63FC54A3B9D36449AD536B3C29D2A97] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsC512D8DDA7F6553429ACE05EC3197DAB] =>PUP.OfferBox
    [HKLMSoftwareClassesInstallerFeaturesE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareClassesInstallerProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components28EB4629F5E20FB449E3ED25A5D22E66] =>PUP.Offerbox^
    C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionsbbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
    C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
    C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
    C:UsersNayoAppDataRoamingMozillaFirefoxProfiles47woh48s.defaultextensions49ffxtbr-bs@UtilityChest_49.com =>Adware.MyWebSearch^
    C:WindowsInstaller2dcc058.msi =>Adware.SPointer^
    ~ Additionnel Scan: 412324 Items scanned in 00mn 32s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
    ~ http://nicolascoolman.webs.com/apps/blog/show/27529784-adware-searchya =>Adware.SearchYa
    ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26609108-hijacker-chercheus =>Hijacker.ChercheUS
    ~ http://nicolascoolman.webs.com/apps/blog/show/27747161-pup-mywebface =>PUP.MyWebFace
    ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/28863080-toolbar-kiwee =>PUP.Kiwee
    ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
    ~ MSI: 10 link(s) detected in 00mn 32s

    ~ 1663 Legitimates filtered by white list
    End of the scan (657 lines in 03mn 36s)(8)[/spoiler:ead2nz1s]

    Thaaanks, Doro

  • kink06
    Number of posts: 0

    Hi, and :welcome: to sosvirus 😉

    You have adware; do the following, in order

    1)

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and run as administrator on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Choose the Clean option

    • Accept the warning by clicking OK


      __________________________________________________________________________________________________________

      2)

      • Download Junkware Removal Tool Download (by thisisu) to your desktop.
      • Launch Junkware Removal Tool Download, running it as administrator on Windows 7/8 and Vista
      • Press any key.

      • Once the scan has finished, go to the desktop; the file JRT.txt has been created.
      • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts
  • H.A.W.X
    Participant
    Number of posts: 1704

    Hello and welcome to the forum! 🙂
    We'll start with UsbFix, then continue with MBAM to check whether there are other intruders that ZHPDiag doesn't see 😉

    1.

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and run as administrator on Windows 7/8 and Vista
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Choose the “Suppression” (deletion) option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    2.

    • Download MalwareBytes Anti-Malware
    • Install it. Uncheck “Enable free trial of Malwarebytes Anti-Malware PRO”
    • Launch Malwarebytes’ Anti-Malware.
    • Click the “Update” tab, then “Check for Updates”
    • Click the “Scanner” tab, select “Perform quick scan”, then click Scan

    • At the end of the scan, if MBAM found nothing:
      • Click OK; the report opens automatically
    • If threats were detected:
      • Click OK, then “Show Results”
      • Choose the “Remove Selected” option
      • If MBAM asks to restart Windows: click “Yes”
      • Once the PC has restarted, the report is in the “Logs” tab
      • Otherwise the report opens automatically after removal
      • Post the report in your next reply

    We're waiting for your reports 🙂

  • dorothea
    Participant
    Number of posts: 13

    helloww 🙂

    for adwcleaner: [spoiler:3jpuk37e]# AdwCleaner v3.012 – Rapport créé le 14/11/2013 à 15:14:10
    # Mis à jour le 11/11/2013 par Xplode
    # Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Nom d'utilisateur : Nayo – PC-DE-NAYO
    # Exécuté depuis : C:UsersNayoDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v9.0.8112.16421

    -\ Mozilla Firefox v8.0 (fr)

    [ Fichier : C:UsersNayoAppDataRoamingMozillaFirefoxProfiles47woh48s.defaultprefs.js ]

    -\ Google Chrome v

    [ Fichier : C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [926 octets] – [14/11/2013 15:13:21]
    AdwCleaner[S0].txt – [848 octets] – [14/11/2013 15:14:10]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [907 octets] ##########[/spoiler:3jpuk37e]

    here is the one for jrt: https://antimalware.top/log/SosUpload.a701207c32b2907353a2c16dd1c23493.txt

    As for malwarebite and usbfix, I'm willing to try AGAIN, but if it crashed the first two times … at first glance there's no reason it would work now 🙂

  • dorothea
    Participant
    Number of posts: 13

    it crashed again, but I was able to make a listing (with usbfix); I don't know if it's useful:

    [spoiler:3fpncxws]############################## | UsbFix V 7.150 | [Listing]

    Utilisateur: Nayo (Administrateur) # PC-DE-NAYO
    Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 16:08:28 | 14/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Packard Bell BV (MCP73VT-PM)
    CPU: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
    RAM -> [Total : 2559 | Free : 1643]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-Bit) Service Pack 2
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Mozilla Firefox : 8.0

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AS: Windows Defender [(!) Disabled | (!) Outdated]
    AS: Windows Defender : 1.1.1600.0
    AS: Malwarebytes' Anti-Malware : 1.75.0001
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 177 Go (91 Go libre(s) – 51%) [OS] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    G: -> Disque amovible # 2 Go (513 Mo libre(s) – 26%) [NAYO CRUZER] # FAT

    ################## | Listing |

    [30/04/2010 – 11:31:50 | SHD ] C:$Recycle.Bin
    [25/06/2010 – 03:14:08 | D ] C:6303d3514e6155741bdbd6b9
    [09/06/2009 – 10:51:31 | D ] C:ACER
    [06/10/2011 – 19:12:09 | D ] C:Ad-Remover
    [15/12/2009 – 20:26:11 | A | 0] C:AdobeDebug.txt
    [14/11/2013 – 15:14:18 | D ] C:AdwCleaner
    [31/07/2009 – 00:09:51 | D ] C:Autodesk.3ds.Max.2009.32bit.64bit
    [18/09/2006 – 22:43:36 | A | 24] C:autoexec.bat
    [29/10/2009 – 23:00:32 | RASD ] C:autorun.inf
    [27/09/2009 – 01:18:50 | SD ] C:Boot
    [11/04/2009 – 07:36:36 | RAS | 333257] C:bootmgr
    [12/12/2008 – 08:08:08 | RAS | 8192] C:BOOTSECT.BAK
    [01/05/2010 – 20:18:23 | D ] C:Civ
    [18/09/2006 – 22:43:37 | A | 10] C:config.sys
    [14/11/2013 – 15:09:44 | A | 1169] C:DelFix.txt
    [18/10/2011 – 12:36:54 | A | 844] C:DelFix[R1].txt
    [18/10/2011 – 12:37:04 | A | 960] C:DelFix[S1].txt
    [18/10/2011 – 12:37:09 | A | 749] C:DelFix[S2].txt
    [07/06/2009 – 21:47:34 | D ] C:drivers
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.1028.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.1031.txt
    [07/11/2007 – 07:00:40 | A | 10134] C:eula.1033.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.1036.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.1040.txt
    [07/11/2007 – 07:00:40 | A | 118] C:eula.1041.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.1042.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.2052.txt
    [07/11/2007 – 07:00:40 | A | 17734] C:eula.3082.txt
    [20/03/2011 – 09:05:22 | SD ] C:found.000
    [19/06/2011 – 21:41:02 | SD ] C:found.001
    [07/11/2007 – 07:00:40 | A | 1110] C:globdata.ini
    [14/11/2013 – 16:03:05 | ASH | 2683514880] C:hiberfil.sys
    [07/06/2013 – 09:53:29 | D ] C:images
    [07/11/2007 – 07:03:18 | A | 562688] C:install.exe
    [07/11/2007 – 07:00:40 | A | 843] C:install.ini
    [07/11/2007 – 07:03:18 | A | 76304] C:install.res.1028.dll
    [07/11/2007 – 07:03:18 | A | 96272] C:install.res.1031.dll
    [07/11/2007 – 07:03:18 | A | 91152] C:install.res.1033.dll
    [07/11/2007 – 07:03:18 | A | 97296] C:install.res.1036.dll
    [07/11/2007 – 07:03:18 | A | 95248] C:install.res.1040.dll
    [07/11/2007 – 07:03:18 | A | 81424] C:install.res.1041.dll
    [07/11/2007 – 07:03:18 | A | 79888] C:install.res.1042.dll
    [07/11/2007 – 07:03:18 | A | 75792] C:install.res.2052.dll
    [07/11/2007 – 07:03:18 | A | 96272] C:install.res.3082.dll
    [06/10/2011 – 10:11:01 | RAS | 0] C:IO.SYS
    [30/04/2010 – 10:17:46 | A | 127] C:mbam-error.txt
    [06/10/2011 – 10:11:01 | RAS | 0] C:MSDOS.SYS
    [12/12/2008 – 00:10:56 | RD ] C:MSOCache
    [07/05/2010 – 21:20:24 | D ] C:NVIDIA
    [17/02/2010 – 15:42:33 | D ] C:PacSteamT
    [14/11/2013 – 16:03:04 | ASH | 524288000] C:pagefile.sys
    [21/01/2008 – 03:43:50 | D ] C:PerfLogs
    [14/11/2013 – 15:49:56 | RD ] C:Program Files
    [14/11/2013 – 12:43:38 | D ] C:ProgramData
    [05/06/2009 – 19:32:57 | A | 477] C:RHDSetup.log
    [01/11/2010 – 15:21:32 | D ] C:Sierra
    [07/05/2010 – 08:36:01 | D ] C:Sounds
    [31/08/2012 – 15:09:03 | SHD ] C:System Volume Information
    [05/04/2012 – 20:52:07 | D ] C:Temp
    [20/01/2012 – 13:54:31 | D ] C:ts3overlay
    [14/11/2013 – 16:08:29 | D ] C:UsbFix
    [14/11/2013 – 16:08:29 | A | 4341] C:UsbFix [Listing 1 ] PC-DE-NAYO.txt
    [14/11/2013 – 15:35:59 | A | 7729] C:UsbFix [Scan 1] PC-DE-NAYO.txt
    [15/08/2011 – 13:00:59 | RD ] C:Users
    [07/11/2007 – 07:00:40 | A | 5686] C:vcredist.bmp
    [07/11/2007 – 07:09:22 | A | 1442522] C:VC_RED.cab
    [07/11/2007 – 07:12:28 | A | 232960] C:VC_RED.MSI
    [14/11/2013 – 13:18:18 | D ] C:Windows
    [01/01/1995 – 01:00:00 | R | 44] D:Track01.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track02.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track03.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track04.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track05.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track06.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track07.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track08.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track09.cda
    [01/01/1995 – 01:00:00 | R | 44] D:Track10.cda
    [06/05/2008 – 13:26:23 | R | 309] E:autorun.inf
    [23/10/2007 – 08:45:39 | R | 1336632] E:LaunchU3.exe
    [06/05/2008 – 13:11:20 | R | 5600229] E:LaunchPad.zip
    [20/09/2013 – 09:44:40 | SHD ] G:Documents
    [13/06/2007 – 18:40:02 | SHD ] G:System
    [10/10/2013 – 15:01:32 | SH | 137593] G:A7KGEquN.vbs
    [02/10/2013 – 09:35:58 | SHD ] G:QSD2
    [17/09/2013 – 07:56:54 | SHD ] G:ppw
    [04/11/2013 – 15:21:38 | SHD ] G:QSD
    [10/03/2013 – 22:00:58 | SH | 39936] G:Fichededepistagedescontacts-personnel.doc
    [10/10/2013 – 13:39:26 | SH | 16394] G:Gestion des problematiques.docx
    [18/10/2013 – 21:42:52 | SHD ] G:SECSOC
    [10/03/2013 – 21:52:04 | SH | 45056] G:Annexe V-Grille d'évaluation.DOC
    [23/10/2007 – 08:45:40 | SH | 1336632] G:LaunchU3.exe
    [18/03/2013 – 20:32:00 | SH | 18296] G:droit.docx
    [27/03/2012 – 22:31:56 | SHD ] G:.Trash-1000
    [01/10/2013 – 12:16:18 | SH | 165] G:~$Classeur1.xlsx
    [14/11/2013 – 16:08:30 | A | 1379] G:droit.lnk
    [28/02/2013 – 13:02:36 | SHD ] G:Stats
    [10/10/2013 – 14:03:14 | SHD ] G:tourisme
    [10/03/2013 – 22:19:02 | SH | 885987] G:GestionRessourcesHumaines_5.pdf
    [26/09/2013 – 11:26:04 | SH | 60576] G:art_malchaire_art._strategie_gestion_risques_mte_98.pdf
    [04/10/2013 – 17:10:50 | SH | 18085] G:Classeur1.xlsx
    [30/09/2013 – 14:41:26 | SH | 25193] G:naomotiv3.odt
    [04/10/2013 – 18:32:44 | SH | 40448] G:CVNAOdoclast.doc
    [03/06/2009 – 08:33:08 | SHD ] G:Recycled
    [03/06/2009 – 08:33:08 | SHD ] G:RECYCLER
    [10/10/2013 – 10:25:12 | SH | 730463] G:Manuel intervenant-1.pdf
    [04/10/2013 – 09:36:12 | SHD ] G:Nouveau dossier
    [14/11/2013 – 16:08:30 | A | 1441] G:Fichededepistagedescontacts-personnel.lnk
    [14/11/2013 – 16:08:30 | A | 481] G:LaunchU3.lnk
    [14/11/2013 – 16:08:16 | A | 1379] G:281.lnk
    [02/05/2012 – 09:56:42 | SH | 464365] G:281.10.pdf
    [23/04/2013 – 11:42:42 | SH | 61883] G:LES_CONCEPTS__DE_LA_PSYCHOLOGIE_SOCIALE_2.docx
    [14/11/2013 – 16:08:30 | A | 1429] G:Gestion des problematiques.lnk
    [14/11/2013 – 16:08:30 | A | 1431] G:Annexe V-Grille d'évaluation.lnk
    [14/11/2013 – 16:08:30 | A | 1389] G:~$Classeur1.lnk
    [14/11/2013 – 16:08:30 | A | 1419] G:GestionRessourcesHumaines_5.lnk
    [14/11/2013 – 16:08:30 | A | 1467] G:art_malchaire_art.lnk
    [14/11/2013 – 16:08:32 | A | 1385] G:Classeur1.lnk
    [14/11/2013 – 16:08:32 | A | 1323] G:naomotiv3.lnk
    [14/11/2013 – 16:08:32 | A | 1391] G:CVNAOdoclast.lnk
    [14/11/2013 – 16:08:16 | A | 1411] G:Manuel intervenant-1.lnk
    [14/11/2013 – 16:08:16 | A | 1451] G:LES_CONCEPTS__DE_LA_PSYCHOLOGIE_SOCIALE_2.lnk
    [14/11/2013 – 16:08:16 | A | 1389] G:Janvier2013.lnk
    [14/11/2013 – 16:08:18 | A | 529] G:Documents.lnk
    [14/11/2013 – 16:08:18 | A | 523] G:System.lnk
    [14/11/2013 – 16:08:18 | A | 519] G:QSD2.lnk
    [14/11/2013 – 16:08:18 | A | 517] G:ppw.lnk
    [14/11/2013 – 16:08:18 | A | 517] G:QSD.lnk
    [14/11/2013 – 16:08:18 | A | 523] G:SECSOC.lnk
    [14/11/2013 – 16:08:18 | A | 533] G:.Trash-1000.lnk
    [14/11/2013 – 16:08:18 | A | 521] G:Stats.lnk
    [14/11/2013 – 16:08:18 | A | 527] G:tourisme.lnk
    [14/11/2013 – 16:08:18 | A | 527] G:Recycled.lnk
    [14/11/2013 – 16:08:18 | A | 527] G:RECYCLER.lnk
    [14/11/2013 – 16:08:18 | A | 545] G:Nouveau dossier.lnk
    [02/10/2013 – 12:08:04 | SH | 30265] G:Janvier2013.xlsx
    [14/11/2013 – 16:08:18 | A | 517] G:Jez.lnk
    [28/02/2013 – 13:09:56 | SHD ] G:Jez

    ################## | E.O.F |[/spoiler:3fpncxws]

  • kink06
    Number of posts: 0

    As for malwarebite and usbfix, I'm willing to try AGAIN, but if it crashed the first two times … at first glance there's no reason it would work now

    with malwarebite, did you run a full scan or a quick one?

    try running a quick scan to see 😉

    for usbfix do this => Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<) and run the scan again 😉

    See you later

  • dorothea
    Participant
    Number of posts: 13

    always quick. I'm trying usbfix again now, but it hangs at 51% on “comparaison md5”, if that means anything relevant ^^

  • kink06
    Number of posts: 0

    and does malwarebite crash in safe mode too?

  • dorothea
    Participant
    Number of posts: 13

    ah well yes, yes, otherwise it would be too simple xD (and I can't manage to remove the a7kgequn file from my USB key Oo)

    ouch ouch ouch, why keep it simple when it can be complicated *whistles*

  • kink06
    Number of posts: 0

    The risks are big: the machine may become a zombie PC
    Some reading about the dangers and the risk
    http://forum.malekal.com/danger-des-cracks-t893.html 🙁

    • Launch ZHPFix; run as administrator under Windows 7/8 and Vista

      Using the mouse (hold the left button down), select and copy (right click/copy) the contents of the box below

      ZHPFix script =>
      ShortcutFix
      G2 - GCE: Preference [User DataDefault] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.2.1.4 (Activé) =>PUP.Funmoods
      G2 - GCE: Preference [User DataDefault] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.9.4.1.1 (Activé) =>Adware.SearchYa
      G2 - GCE: Preference [User DataDefault] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.5.3.0 (Activé) =>PUP.DealPly
      M2 - MFEP: prefs.js [Nayo - 47woh48s.default49ffxtbr-bs@UtilityChest_49.com] [] Utility Chest v1.2 (..) =>Adware.MyWebSearch
      P2 - FPN: [HKLM] [@UtilityChest_49.com/Plugin] - (...) -- C:Program FilesUtilityChest_49bar1.binNP49Stub.dll (.not file.) =>Adware.MyWebSearch
      O15 - Trusted Zone: [HKCU...Domains] *.chat-land.com =>Hijacker.ChercheUS
      O15 - Trusted Zone: [HKCU...Domains] *.chat-land.net =>Hijacker.ChercheUS
      O15 - Trusted Zone: [HKCU...Domains] *.search-web.net => Infection BT (Hijacker.ChercheUS)
      O23 - Service: Utility ChestService (UtilityChest_49Service) . (...) - C:Program FilesUTILIT~2bar1.bin49barsvc.exe (.not file.) =>Adware.MyWebSearch
      [MD5.00000000000000000000000000000000] [APT] [{BA39D9D6-A3FB-47BE-B950-C76E09D6837B}] (...) -- C:UsersNayoDownloadsMyWebFaceSetup2.3.50.49.GRfox000.exe (.not file.) [0] =>PUP.MyWebFace
      O45 - LFCP:[MD5.38C053F418D4E245604F1685DF58F66B] - 21/10/2013 - 11:39:44 ---A- - C:WindowsPrefetchFUNMOODSSRV.EXE-A96A5AC7.pf =>PUP.Funmoods
      O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Funmoods) - http://start.funmoods.com =>PUP.Funmoods
      O90 - PUC: "E0710AC8E9E65A34EAF1588A82028B74" . (.FreeCompressor.) -- C:WindowsInstaller{8CA0170E-6E9E-43A5-AE1F-85A82820B847}ARPPRODUCTICON.exe => Infection PUP (Adware.SPointer)
      [MD5.93D9EEBCFD18DFFBDB7F0724F313831C] [WIS][23/01/2010] (.Secure Digital Services - FreeCompressor.) -- C:WindowsInstaller2dcc058.msi [2442240] =>Adware.SPointer
      SS - | Auto 10/07/1658 0 | (UtilityChest_49Service) . (...) - C:Program FilesUTILIT~2bar1.bin49barsvc.exe =>Adware.MyWebSearch
      [HKLMSoftwareGoogleChromeExtensionsbbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
      [HKLMSoftwareGoogleChromeExtensionscjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
      [HKLMSoftwareGoogleChromeExtensionsgaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
      [HKLMSYSTEMCurrentControlSetServicesUtilityChest_49Service] =>Adware.MyWebSearch^
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components1B812BD0725DF36459D5BA985C9193C4] =>PUP.Kiwee
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components2514EB7147619DA498D025C07B3421DD] =>PUP.Kiwee
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components73962F57F2FA32C43A431C9C05459330] =>PUP.OfferBox
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB63FC54A3B9D36449AD536B3C29D2A97] =>PUP.OfferBox
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsC512D8DDA7F6553429ACE05EC3197DAB] =>PUP.OfferBox
      [HKLMSoftwareClassesInstallerFeaturesE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
      [HKLMSoftwareClassesInstallerProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
      [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components28EB4629F5E20FB449E3ED25A5D22E66] =>PUP.Offerbox^
      C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionsbbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
      C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
      C:UsersNayoAppDataLocalGoogleChromeUser DataDefaultExtensionsgaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
      C:UsersNayoAppDataRoamingMozillaFirefoxProfiles47woh48s.defaultextensions49ffxtbr-bs@UtilityChest_49.com =>Adware.MyWebSearch^
      C:WindowsInstaller2dcc058.msi =>Adware.SPointer^
      R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
      O24 - Desktop General: BackupWallPaper - .(...) - C:WindowsWebWallpaperimg2.jpg => Desktop General Personal WallPaper
      O24 - Desktop General: WallPaper - .(...) - C:WindowsWebWallpaperimg2.jpg => Desktop General Personal WallPaper
      O55 - MWPS:[HKLM...PoliciesSystem] - "FilterAdministratorToken"=0 => Le compte "Administrateur" n'est pas soumis aux approbations
      O55 - MWPS:[HKLM...PoliciesSystem] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
      O56 - MWPE:[HKCU...policiesExplorer] - "HonorAutoRunSetting"=0 => Microsoft ne contrôle pas le comportement de la mise à jour actuelle
      O56 - MWPE:[HKLM...policiesExplorer] - "HonorAutoRunSetting"=0 => Microsoft ne contrôle pas le comportement de la mise à jour actuelle
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: Modified => SECURITE : AntiSpyware Désactivé
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: Modified => SECURITE : Antivirus désactivé
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Clé orpheline => Conduit Softonic Toolbar
      [MD5.ED92900BF225E26A4E54C2C14FA1424F] [SPRF][9/09/2011] (.Ask.com - AskIC Dynamic Link Library.) -- C:UsersNayoAppDataLocalTempAskSLib.dll [246440]
      [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheVuze_Remote Toolbar] =>Toolbar.Conduit
      G2 - GCE: Preference [User DataDefault] [mamnihopcnbfnbfnnneplcohmnkkpipb] Illimitux v.1.0 (Désactivé) => CrackStreaming.Illimitux
      [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:Program FilesLavasoftAd-AwareAd-AwareAdmin.exe (.not file.) [0] => Lavasoft
      [MD5.00000000000000000000000000000000] [APT] [{113A9899-6CEC-4158-81ED-62A0D11E5D35}] (...) -- C:UsersNayoAppDataLocalTempPacSteamT_-_060708_+_MAJ_050209_FR_+_tutorielPacSteamT-060708.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{119F5467-E0AC-402E-B33F-4DC6C3072A71}] (...) -- C:UsersNayoDownloadsNimbus.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{3D7D85D7-ACCF-4F57-8650-FA7C4EEBA856}] (...) -- C:UsersNayoDownloadsmyboxscript.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{43F0FBA4-2E7E-422C-9532-E8CFF1B3911A}] (...) -- C:Program FilesNoteWorthy Composer 2 ViewerUninstall.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{449384B0-ED1F-4F87-8F41-0419AE858F0D}] (...) -- C:UsersNayoDownloadsxchat-2.8.7f.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{4E6CEA81-59DC-45A6-965D-5A61D2FED488}] (...) -- C:UsersNayoDownloadsWolfET.exe (.not file.) [0] => Fichier absent
      O45 - LFCP:[MD5.8B79BB4C78E2C98760017CA2A99E1222] - 5/11/2013 - 15:33:57 ---A- - C:WindowsPrefetch30.0.1599.101_30.0.1599.69_CH-7E20DB33.pf => Fichier du dossier Prefetcher
      C:Autodesk.3ds.Max.2009.32bit.64bitAutodesk.3ds.Max.2009.32bit.64bit3dsMax2009.Keygen64bitXF-MAX2k9-64bit-KG.exe => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.exe => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.reg => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATmirc717.exe => Crack, KeyGen, Keymaker - Possible Malware
      C:Autodesk.3ds.Max.2009.32bit.64bitAutodesk.3ds.Max.2009.32bit.64bit3dsMax2009.Keygen64bitXF-MAX2k9-64bit-KG.exe => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.exe => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATCrackmIRC.reg => Crack, KeyGen, Keymaker - Possible Malware
      C:UsersNayoDownloadsMIRC.v7.17.Cracked-EATmirc717.exe => Crack, KeyGen, Keymaker - Possible Malware
      O87 - FAEL: "TCP Query User{8C343241-0EFE-4BBE-B4C8-E81808FF2FD6}C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe" |In - Public - P6 - TRUE | .(...) -- C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe (.not file.) => Fichier absent
      O87 - FAEL: "UDP Query User{3E62566C-1EC4-4E07-8DD8-B843DFFF0C41}C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe" |In - Public - P17 - TRUE | .(...) -- C:usersnayodownloadsalfascriptv258alfascriptv258mirc.exe (.not file.) => Fichier absent
      O87 - FAEL: "TCP Query User{DEB4FBD0-668B-42F2-8189-EE14BFDE0C4F}C:program filesalfascriptv2.58mirc.exe" |In - Public - P6 - TRUE | .(...) -- C:program filesalfascriptv2.58mirc.exe (.not file.) => Fichier absent
      O51 - MPSK:{37b03eaa-f36c-11e1-97b6-806e6f6e6963}AutoRuncommand. (...) -- E:Autorun.exe (.not file.) => Microsoft Windows NT or Infection USB
      O87 - FAEL: "UDP Query User{F871B6EA-E53D-4FD6-8126-7BC6C03F85E4}C:program filesalfascriptv2.58mirc.exe" |In - Public - P17 - TRUE | .(...) -- C:program filesalfascriptv2.58mirc.exe (.not file.) => Fichier absent
      O87 - FAEL: "TCP Query User{E79A7883-2249-42A0-83F7-B3ED54F2E8FC}C:program filesalfascriptv2.58mirc.exe" |In - Private - P6 - TRUE | .(...) -- C:program filesalfascriptv2.58mirc.exe (.not file.) => Fichier absent
      O87 - FAEL: "UDP Query User{07DD1065-9860-4BEC-98BF-AB173CD011B4}C:program filesalfascriptv2.58mirc.exe" |In - Private - P17 - TRUE | .(...) -- C:program filesalfascriptv2.58mirc.exe (.not file.) => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{59A42D4C-568E-412D-BC25-24CB07350016}] (...) -- C:UsersNayoDownloadsET_Ultimate_Installer_1.6_beta.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{A9D78D33-D511-4B71-B9BE-0918D4CD4169}] (...) -- C:UsersNayoAppDataLocalTempTemp1_GeForce_3D_Vision_CD_v1.08_WinVista_int.zipGeForce_3D_Vision_CD_v1.08_intLaunch.exe (.not file.) [0] => Fichier absent
      [MD5.00000000000000000000000000000000] [APT] [{C95B71A5-FAFD-43B1-A96A-1E422D1FC475}] (...) -- C:UsersNayoDownloads15.49_nforce_winvista_win7_32bit_international_whql.exe (.not file.) [0] => Fichier absent
      O42 - Logiciel: BSmaxScript 7.2 - (...) [HKCU] -- BSmaxScript 7.2 => BSmaxScript
      O43 - CFD: 11/01/2013 - 20:32:57 - [50,287] ----D C:Program FilesBSmaxScript[7.2] => BSmaxScript
      O43 - CFD: 6/06/2009 - 20:03:53 - [0] ----D C:ProgramDataGameScanner => Empty Folder not necessary
      O45 - LFCP:[MD5.16FB822DD0328B7D51F4871301E28136] - 21/10/2013 - 10:51:23 ---A- - C:WindowsPrefetchSETUPFREEVOIPDEAL.TMP-AEDDF0D5.pf => Unnecessary Temporary File
      O45 - LFCP:[MD5.272BF680DB31D4522863CF4D0998366F] - 21/10/2013 - 10:51:26 ---A- - C:WindowsPrefetchSETUPFREEVOIPDEAL.TMP-231241BE.pf => Unnecessary Temporary File
      SysRestore
      EmptyFlash
      EmptyCLSID
      Firewallraz
      EmptyTemp

      1. Click “Importer” (Import)
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)

    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
  • dorothea
    Participant
    Number of posts: 13

    thanks, and here it is 🙂 https://antimalware.top/log/SosUpload.285fa10f8c9b72b6a76b5f553bca31b8.txt

    I had forgotten to do it with the USB key, so I started over, but this time with the USB key inserted: https://antimalware.top/log/SosUpload.94d2f02a73453f1bbcd09bfa14bd8104.txt

    ps: can I delete what it put in quarantine? 🙂

  • kink06
    Number of posts: 0

    ok, seen 😉 :super:

    can I delete what it put in quarantine?

    at the end we'll use a tool made for that to clean up for you 😉

    as a check, please make a new ZHPDiag log:
    look at the image here =>
    http://cjoint.com/13oc/CJukFzALKYy.htm
    Then post the generated report in your next message. :). => To host the report, go to the Cjoint site ==> http://www.cjoint.com/

  • dorothea
    Participant
    Number of posts: 13

    thanks to you in any case for your replies 😉

    here is the zhpdiag report: http://cjoint.com/data3/3Kpaw0QX87b.htm

  • kink06
    Number of posts: 0

    In the meantime, while I look at the report =>

    try usbfix again in removal mode, in safe mode with networking, and also malwarebite to see if it works 😉

  • kink06
    Number of posts: 0

    then do this =>

    • Launch ZHPFix; run as administrator under Windows 7/8 and Vista

      Using the mouse (hold the left button down), select and copy (right click/copy) the contents of the box below

      ZHPFix script =>
      ShortcutFix
      O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Funmoods) - http://start.funmoods.com =>PUP.Funmoods
      O4 - GSDesktop [Nayo]: BSmax Script [7.2].lnk . (...) -- C:Program FilesBSmaxScript[7.2]mirc.exe (.not file.) => Fichier absent
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: Modified => SECURITE : AntiSpyware Désactivé
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: Modified => SECURITE : Antivirus désactivé
      [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date => SYSTEM : Aucune mise à jour depuis 15 jours !
      R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
      [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
      O4 - GSProgram [Nayo]: GameRanger.lnk . (...) -- C:UsersNayoAppDataRoamingGameRangerGameRangerGameRanger.exe (.not file.)
      O4 - GSProgram [Nayo]: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:ProgramDataEasybits GOEasyBitsGO.exe
      O4 - GSDesktop [Nayo]: AnumanLive.lnk . (...) -- C:UsersNayoAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe (.not file.)
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
      O4 - GSDesktop [Nayo]: BSmax Script [7.2].lnk . (...) -- C:Program FilesBSmaxScript[7.2]mirc.exe (.not file.)
      O51 - MPSK:{c2315550-e35a-11de-978f-002511090558}AutoRuncommand. (...) -- E:USBAutoRun.exe (.not file.)
      [MD5.705FD70F8FF19A91F51F40D395C5FA05] [SPRF][2/10/2013] (.Java (TM) - Java (TM).) -- C:UsersNayoAppDataLocalIntel(TM)7z.exe [24675532]
      P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (...) -- C:Program FilesDivXDivX Plus Web Playernpdivx32.dll (.not file.)
      M3 - MFPP: Plugins - [Nayo] -- C:Program FilesMozilla FireFoxsearchpluginsMediaDICO-fr.xml
      O4 - GSDesktop [Nayo]: AnumanLive.lnk . (...) -- C:UsersNayoAppDataRoamingAnuman InteractiveAnumanLiveAnumanLive.exe (.not file.)
      O4 - GSDesktop [Nayo]: BSmax Script [7.2].lnk . (...) -- C:Program FilesBSmaxScript[7.2]mirc.exe (.not file.)O4 - HKLM..Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
      O4 - HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
      O4 - HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
      O4 - HKLM..Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:Program FilesLogMeIn Hamachihamachi-2-ui.exe
      O4 - HKLM..Run: [A7KGEquN] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:WindowsSystem32wscript.exe
      O4 - HKLM..Run: [Intel(TM)7z] . (.Java (TM) - Java (TM).) -- C:WindowsIntel(TM)7z.exe
      O4 - HKCU..Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:UsersNayoAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
      O4 - HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
      O4 - HKCU..Run: [KiesHelper] . (.Samsung - Kies.) -- C:Program FilesSamsungKiesKiesHelper.exe
      O4 - HKCU..Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
      O51 - MPSK:{1fb0b6f6-534c-11de-984f-002511090558}AutoRuncommand. (...) -- E:LaunchU3.exe
      O51 - MPSK:{c2315550-e35a-11de-978f-002511090558}AutoRuncommand. (...) -- E:USBAutoRun.exe (.not file.)
      O4 - HKCU..Run: [FreeVoipDeal] . (.FreeVoipDeal - Client to make VoIP calls..) -- C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe
      O4 - HKCU..Run: [A7KGEquN] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:WindowsSystem32wscript.exe
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:UsersNayoAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [KiesHelper] . (.Samsung - Kies.) -- C:Program FilesSamsungKiesKiesHelper.exe
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:Program FilesSamsungKiesExternalFirmwareUpdateKiesPDLR.exe
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [FreeVoipDeal] . (.FreeVoipDeal - Client to make VoIP calls..) -- C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe
      O4 - HKUSS-1-5-21-3924490768-600233659-1228559544-1000..Run: [A7KGEquN] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:WindowsSystem32wscript.exe
      [MD5.00000000000000000000000000000000] [APT] [{A27A83F8-1683-48C1-BF4F-81C47D474F8B}] (...) -- C:Program FilesAGIcore4.2.0.10753InstallerGUI.exe (.not file.) [0]
      O53 - SMSR:HKLM...startupregFreeCall [Key] . (...) -- C:Program FilesFreeCall.comFreeCallfreecall.exe (.not file.)
      O53 - SMSR:HKLM...startupregRaptr [Key] . (...) -- C:Program FilesRaptrraptrstub.exe (.not file.)
      SysRestore
      EmptyFlash
      EmptyCLSID
      ProxyFix
      Firewallraz
      EmptyTemp

      1. Click “Importer” (Import)
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)

    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
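
Added example, not part of the thread and not code from UsbFix or ZHPDiag: a triage script that reads the two kinds of log lines posted above and reports (1) visible `.lnk` files on a drive that shadow a hidden item of the same name, (2) hidden script files, and (3) `Run` values that start a Windows script host under the same name as such a script. The line formats, and the rule that a shortcut is named after the part of a file name before its first dot (as with `281.10.pdf` and `281.lnk`), are assumptions inferred from the lines in this thread; the sample input is excerpted from those logs.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "drive name attrs")

# UsbFix listing line: [date - time | ATTRS | size] X:name (no size for folders).
# The backslash after the drive letter is optional because this page lost it.
LISTING_RE = re.compile(
    r"\[\d{1,2}/\d{1,2}/\d{4}\s+\S\s+\d{2}:\d{2}:\d{2}\s*\|\s*(?P<attrs>[A-Z]+)\s*"
    r"(?:\|\s*\d+\s*)?\]\s*(?P<drive>[A-Za-z]):\\?(?P<name>.+?)\s*$")
# ZHPDiag O4 autorun line: O4 - HIVE..Run: [value name] ... -- target [=> note]
RUN_RE = re.compile(
    r"O4 - (?P<hive>[^\s.]+?)\\?\.\.\\?Run: \[(?P<name>[^\]]+)\]"
    r".* -- (?P<target>\S.*?)(?:\s+=>.*)?$")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Sample input: lines excerpted from the logs in this thread.
SAMPLE_LISTING = """
    [10/10/2013 – 15:01:32 | SH | 137593] G:A7KGEquN.vbs
    [02/10/2013 – 09:35:58 | SHD ] G:QSD2
    [14/11/2013 – 16:08:18 | A | 519] G:QSD2.lnk
    [02/05/2012 – 09:56:42 | SH | 464365] G:281.10.pdf
    [14/11/2013 – 16:08:16 | A | 1379] G:281.lnk
    [27/03/2012 – 22:31:56 | SHD ] G:.Trash-1000
    [14/11/2013 – 16:08:18 | A | 533] G:.Trash-1000.lnk
    [06/05/2008 – 13:26:23 | R | 309] E:autorun.inf
    [14/11/2013 – 16:08:16 | A | 1389] G:Janvier2013.lnk
    [02/10/2013 – 12:08:04 | SH | 30265] G:Janvier2013.xlsx
"""
SAMPLE_RUN = """
    O4 - HKLM..Run: [A7KGEquN] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:WindowsSystem32wscript.exe
    O4 - HKCU..Run: [KiesHelper] . (.Samsung - Kies.) -- C:Program FilesSamsungKiesKiesHelper.exe
    O4 - HKCU..Run: [A7KGEquN] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:WindowsSystem32wscript.exe
"""


def parse_listing(text):
    """Return an Entry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.search(line)
        if m:
            entries.append(Entry(m["drive"].upper(), m["name"], m["attrs"]))
    return entries


def stem(entry):
    """Name used for pairing: whole folder name, or file name up to its first dot."""
    name = entry.name.lower()
    if "D" in entry.attrs:          # folder: shortcut is "<folder name>.lnk"
        return name
    if name.endswith(".lnk"):       # shortcut: drop only the .lnk suffix
        return name[:-4]
    return name.split(".", 1)[0]    # assumption: shortcut uses text before first dot


def shortcut_pairs(entries):
    """Visible .lnk files that share a drive and stem with a hidden item."""
    hidden = {(e.drive, stem(e)): e.name for e in entries if "H" in e.attrs}
    pairs = []
    for e in entries:
        is_lnk = e.name.lower().endswith(".lnk") and "D" not in e.attrs
        if is_lnk and "H" not in e.attrs:
            target = hidden.get((e.drive, stem(e)))
            if target:
                pairs.append((e.name, target))
    return pairs


def hidden_scripts(entries):
    """Hidden files whose extension is run by a Windows script host."""
    return [e for e in entries
            if "H" in e.attrs and "D" not in e.attrs
            and e.name.lower().endswith(SCRIPT_EXTS)]


def script_host_run_entries(text, scripts):
    """Run values that start wscript/cscript and are named like a hidden script."""
    stems = {stem(s) for s in scripts}
    hits = []
    for line in text.splitlines():
        m = RUN_RE.search(line)
        if not m:
            continue
        uses_host = m["target"].lower().endswith(SCRIPT_HOSTS)
        if uses_host and m["name"].lower() in stems:
            hits.append((m["hive"], m["name"]))
    return hits


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    scripts = hidden_scripts(listing)
    for lnk, original in shortcut_pairs(listing):
        print(f"shortcut {lnk!r} shadows hidden item {original!r}")
    for s in scripts:
        print(f"hidden script on {s.drive}: {s.name}")
    for hive, name in script_host_run_entries(SAMPLE_RUN, scripts):
        print(f"{hive} Run value {name!r} starts a script host")
```

A hit only marks an item for review: a shortcut pair says nothing about what the shortcut launches, and a `Run` line in this log format shows the script host but not the script passed to it.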
  • dorothea
    Participant
    Number of posts: 13

    well, it still crashes (both programs), yet I don't think I'm doing anything wrong; there's just unchecking the trial version that I didn't do because I didn't have it (couldn't see it). otherwise, still with malware, before crashing it detected something, so I restarted it and stopped the scan and, as said in a post further up, deleted it. Otherwise nothing else afaiu 🙂

    ps: ok, I'll do the rest tomorrow morning, thaaanks 🙂

  • kink06
    Number of posts: 0

    Mozilla Firefox 8.0 not up to date 🙁

    Update Firefox to the latest version =>
    At the top of the Firefox window, click the question mark in the menu bar and select “a propos de firefox” (About Firefox)
    tutorial here => https://support.mozilla.org/fr/kb/mettre-jour-firefox-derniere-version

    OK, see you tomorrow 😉

  • dorothea
    Participant
    Number of posts: 13

    Good day, dear helper 🙂 :dodo10:

    here is the zhpfix report requested yesterday: https://antimalware.top/log/SosUpload.e6673a404a892b495030904c958590e1.txt

    plouchemouche

  • kink06
    Number of posts: 0

    Hi again, :hello:

    ok, seen 😉

    search for: Install Windows Update updates 🙁

    then =>

    as a check, please make a new ZHPDiag log:
    look at the image here =>
    http://cjoint.com/13oc/CJukFzALKYy.htm
    Then post the generated report in your next message. :). => To host the report, go to the Cjoint site ==> http://www.cjoint.com/

  • dorothea
    Participant
    Number of posts: 13

    sorry for the timing, but I can't manage to do the update xD

    http://www.cjoint.com/confirm.php?cjoint=0KrbfOCpLaT

  • kink06
    Number of posts: 0

    Hi again, 😉

    => SYSTEM : Aucune mise à jour depuis 15 jours ! search for: Install Windows Update updates

    • Launch ZHPFix; run as administrator under Windows 7/8 and Vista

      Using the mouse (hold the left button down), select and copy (right click/copy) the contents of the box below

      ZHPFix script =>
      ShortcutFix
      G1 - GCS: Preference [User DataDefault] http://start.funmoods.com =>PUP.Funmoods
      O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (Funmoods) - http://start.funmoods.com =>PUP.Funmoods
      R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: Modified => SECURITE : AntiSpyware Désactivé
      [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: Modified => SECURITE : Antivirus désactivé
      O4 - GSDesktop [Nayo]: FreeVoipDeal.lnk . (...) -- C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe (.not file.)
      O87 - FAEL: "TCP Query User{78C999DA-37E0-4103-9446-16B98DC2F575}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe" |In - Public - P6 - TRUE | .(...) -- C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe (.not file.)
      O87 - FAEL: "UDP Query User{527C9450-B21A-41F8-BEEC-64BA290D9BE7}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe" |In - Public - P17 - TRUE | .(...) -- C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe (.not file.)
      [MD5.277A317C4B5F4ABDBDED2594C957122E] [SPRF][9/05/2010] (...) -- C:ProgramDataezsid.dat [32]
      [MD5.E86A99342EE8EE479AF972F7BBB94CBA] [SPRF][30/04/2010] (...) -- C:ProgramDataqGF5Un4w.dat [112]
      [MD5.125E207E0272498ED027DA756738958E] [SPRF][7/06/2013] (...) -- C:UsersNayoAppDataLocald3d9caps.dat [1356]
      [MD5.985798A255262E4AC1B0F663EFCC32A1] [SPRF][5/02/2010] (...) -- C:UsersNayoAppDataRoamingwklnhst.dat [1092]
      [MD5.142B6367A1086C43767AD366E9498387] [SPRF][7/06/2009] (...) -- C:UsersNayoDesktopETMinimizer.exe [13824]
      O4 - GSDesktop [Nayo]: FreeVoipDeal.lnk . (...) -- C:Program FilesFreeVoipDeal.comFreeVoipDealFreeVoipDeal.exe (.not file.) => Fichier absent
      O87 - FAEL: "TCP Query User{78C999DA-37E0-4103-9446-16B98DC2F575}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe" |In - Public - P6 - TRUE | .(...) -- C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe (.not file.) => Fichier absent
      O87 - FAEL: "UDP Query User{527C9450-B21A-41F8-BEEC-64BA290D9BE7}C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe" |In - Public - P17 - TRUE | .(...) -- C:program filesfreevoipdeal.comfreevoipdealfreevoipdeal.exe (.not file.) => Fichier absent
      SysRestore
      EmptyFlash
      EmptyCLSID
      Firewallraz
      EmptyTemp

      1. Click “Importer” (Import)
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)

    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
  • dorothea
    Participant
    Number of posts: 13

    no no, actually the update no longer works :D (why keep it simple, eh)

    I don't know if it's since I've had a dual boot, but in any case it no longer works… (is there another way to update? or not?).

    otherwise, here is the requested report 🙂 https://antimalware.top/log/SosUpload.4484fb4be7cc2c8221397ab8b7343284.txt

    thanks 🙂

  • kink06
    Number of posts: 0

    @dorothea wrote:

    no no, actually the update no longer works :D (why keep it simple, eh)

    I don't know if it's since I've had a dual boot, but in any case it no longer works… (is there another way to update? or not?).

    do this => http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/11-winupdatefix 😉

    then tell me if you still have problems – otherwise we move on to the final phase, “Removing the disinfection tools”! 🙂

    See you :bye:

  • dorothea
    Participant
    Number of posts: 13

    hello, thanks, it finally agreed to update 😉

  • Anonyme
    Number of posts: 0

    🙂

    • To remove the disinfection tools used:
    • Download Delfix to your Desktop.
    • Launch Delfix; run as administrator under Windows 7/8 and Vista
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge system restore


  • dorothea
    Participant
    Number of posts: 13

    Hello, thank you very much for your help,

    I have one last question about antimalware and usbfix … why did the PC stop responding when they hung midway?

    thanks again and good evening 🙂

  • Anonyme
    Number of posts: 0

    I have one last question about antimalware and usbfix … why did the PC stop responding when they hung midway?

    Because they use a lot of resources, and PCs sometimes struggle to keep up.

    Have a good end of the week 🙂

  • dorothea
    Participant
    Number of posts: 13

    oh ok, “super”, thanks 😉

    have a good week

The topic ‘A7KGEquN.vbs’ is closed to new replies.