berzerk.vbe 2014-05-04T09:49:28+00:00
  • Author
    Posts
  • bravoryo
    Participant
    Post count: 5

    Hello everyone

    I have just used usbfix, which allowed me to clean berzerk.Vbe off my computer; I followed all the instructions I found on the forum.
    Thanks for this information

    The last report shows: Supprimé! H:\Berzerk.vbe
    Supprimé! H:\RestoreU3.exe
    I then uninstalled
    USBfix as indicated in the forums

    Is there anything more to do

    thanks for your help
    Regards
    Bruno

  • lilidurhone
    Post count: 0

    :welcome:

    I'll take care of you ;)

    Can you post the latest Usbfix report?

    Looking forward to your reply ;)

  • bravoryo
    Participant
    Post count: 5

    Hello

    Here is the latest report

    ############################## | UsbFix V 7.169 | [Suppression]

    Utilisateur: saint martin (Administrateur) # MAISON-PC
    Mis à jour le 31/03/2014 par El Desaparecido – Team SosVirus
    Lancé à 11:07:17 | 04/05/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Support : forum-virus-securite.html
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Packard Bell (imedia S1850)
    CPU: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
    RAM -> [Total : 4095 Mo| Free : 2124 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Windows Internet Explorer : 11.0.9600.16661
    WB: Google Chrome : 34.0.1847.131

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: avast! Antivirus [Enabled]
    FW: Windows FireWall [Enabled]

    C: (%systemdrive%) -> Disque fixe # 920 Go (712 Go libre(s) – 77%) [Packard Bell] # NTFS
    D: -> Disque fixe # 920 Go (920 Go libre(s) – 100%) [DATA] # NTFS
    E: -> CD-ROM
    H: -> Disque amovible # 4 Go (1 Go libre(s) – 38%) [] # FAT32

    ################## | Processus Actif |

    ################## | Recherche générique |

    Supprimé! H:\Berzerk.vbe
    Supprimé! H:\RestoreU3.exe

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [E09FXLRD_652302] “C:Program Files (x86)Microsoft EncartaMicrosoft Encarta 2009 – Collection DVDEDICT.EXE” -m
    04 – HKCU..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKCU..Run : [TomTomHOME.exe] “C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe”
    04 – HKCU..RunOnce : [Uninstall C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64] C:Windowssystem32cmd.exe /q /c rmdir /s /q “C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64”
    04 – HKLM..Run : [Hotkey Utility] C:Program Files (x86)Packard BellHotkey UtilityHotkeyUtility.exe
    04 – HKLM..Run : [NWEReboot]
    04 – HKLM..Run : [ArcSoft Connection Service] C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    04 – HKLM..Run : [Adobe ARM] “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    04 – HKLM..Run : [PivotSoftware] “C:Program Files (x86)Portrait DisplaysPivot Pro PluginPivot_startup.exe” -delay=10
    04 – HKLM..Run : [DT ACR] C:Program Files (x86)Common FilesPortrait DisplaysSharedDT_startup.exe -ACR
    04 – HKLM..Run : [EEventManager] “C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe”
    04 – HKLM..Run : [RIMBBLaunchAgent.exe] C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    04 – HKLM..Run : [Nikon Message Center 2] C:Program Files (x86)NikonNikon Message Center 2NkMC2.exe -s
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLM..Run : [ApnTBMon] “C:Program Files (x86)AskPartnerNetworkToolbarUpdaterTBNotifier.exe”
    04 – HKLM..RunOnce : []
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [AdobeAAMUpdater-1.0] “C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe”
    04 – [x64] HKLM..Run : [Easy-PrintToolBox] C:Program Files (x86)CanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
    04 – [x64] HKLM..Run : [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-2237735633-2641064963-615179137-1001..Run : [E09FXLRD_652302] “C:Program Files (x86)Microsoft EncartaMicrosoft Encarta 2009 – Collection DVDEDICT.EXE” -m
    04 – HKUS-1-5-21-2237735633-2641064963-615179137-1001..Run : [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
    04 – HKUS-1-5-21-2237735633-2641064963-615179137-1001..Run : [TomTomHOME.exe] “C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe”
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-21-2237735633-2641064963-615179137-1001..RunOnce : [Uninstall C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64] C:Windowssystem32cmd.exe /q /c rmdir /s /q “C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64”

    ################## | Listing |

    ################## | Vaccin |

    D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net/ – https://www.sosvirus.net |
    thanks

    I then uninstalled usbfix as indicated in the forum
    My USB keys no longer have shortcuts and no longer seem infected.

    Regards

    Bruno

  • lilidurhone
    Post count: 0

    Hello

    I am new on the forum
    Where should I insert the usbfix text file

    thanks

    No problem ;)

    Either with the tag [spoil:e5osny5k]your report[/spoil:e5osny5k] or with https://antimalware.top/

  • lilidurhone
    Post count: 0

    OK, we'll still check whether your PC has any other infections ;)

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; run as administrator on Windows 7/8 and Vista
    • Click on Complet

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
  • bravoryo
    Participant
    Post count: 5

    Hello

    Many thanks for this valuable help.
    I have just followed your instructions. I posted the report following the full scan of the computer by zhpdiag.
    Thanks for your information, and I hope there is nothing serious.
    I have not plugged back in the USB keys that had caught the virus; do I need to redo the operation with the keys plugged in?

    thanks
    Looking forward to your reply

    Bruno

  • lilidurhone
    Post count: 0

    "Many thanks for this valuable help."

    You're welcome

    "I have just followed your instructions. I posted the report following the full scan of the computer by zhpdiag.
    Thanks for your information, and I hope there is nothing serious."

    I would need the report ;)

    "I have not plugged back in the USB keys that had caught the virus; do I need to redo the operation with the keys plugged in?"

    No, usbfix did its job ;)

    Looking forward to your reply ;)

  • bravoryo
    Participant
    Post count: 5

    Hello

    here is the zhpdiag report:

    ~ Rapport de ZHPDiag v2014.5.3.52 – Nicolas Coolman (03/05/2014)
    ~ Lancé par saint martin (04/05/2014 15:11:17)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16661
    GCIE: Google Chrome v34.0.1847.131 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK

    —\ Logiciels de protection du système
    avast! Internet Security v9.0.2018
    Malwarebytes Anti-Malware version 2.0.1.1004
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v4.02

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader X
    Java 7 Update 55

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 4095 MB (30% free)
    System Restore: Activé (Enable)
    System drive C: has 712 GB (77%) free of 920 GB

    —\ Mode de connexion au système
    ~ Computer Name: MAISON-PC
    ~ User Name: saint martin
    ~ All Users Names: saint martin, HomeGroupUser$, DELPHINE, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Userssaint martinAppDataRoamingZHP
    ~ %AppData% : C:Userssaint martinAppDataRoaming
    ~ %Desktop% : C:Userssaint martinDesktop
    ~ %Favorites% : C:Userssaint martinFavorites
    ~ %LocalAppData% : C:Userssaint martinAppDataLocal
    ~ %StartMenu% : C:Userssaint martinAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 712 Go of 920 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 920 Go of 920 Go)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/2272
    ~ Mes musiques (My Musics) : 1/5
    ~ Mes Videos (My Videos) : 2/58
    ~ Mes Favoris (My Favorites) : 1/276
    ~ Mes Documents (My Documents) : 2/596
    ~ Mon Bureau (My Desktop) : 1/38
    ~ Menu demarrer (Programs) : 1/31
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6963512] [PID.3084]
    [MD5.3E364978E4C74D3BCEA29FB41743CB5A] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3873704] [PID.4600]
    [MD5.3A3BEA53F039CE2E997A918E26E30B1D] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [808152] [PID.5024]
    [MD5.542459D16B416D054161007FC9B1246E] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [841032] [PID.4360]
    [MD5.D2A18C9922075A88204A39A4D19F5028] – (.Microsoft Corporation – Windows Live Mail.) — C:Program Files (x86)Windows LiveMailwlmail.exe [102080] [PID.2840]
    [MD5.E948B39B496BE1302E974DEBB3ED51D2] – (.Nicolas Coolman – ZHPDiag.) — C:Userssaint martinDesktopZHPDiagZHPDiag.exe [7869440] [PID.6960]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    ~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M3 – MFPP: Plugins – [saint martin] — C:Program Files (x86)Mozilla FireFoxsearchpluginsSearch_Results.xml =>PUP.SearchResults
    ~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R3 – URLSearchHook: SearchHook Class [64Bits] – {D8278076-BC68-4484-9233-6E7F1628B56C} . (.APN LLC. – Search Hook.) (21.5.0.2560) — C:Program Files (x86)AskPartnerNetworkToolbarsearchhook.dll =>Toolbar.Ask
    ~ IE Browser: 20 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: avast! Online Security – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (…) — (.not file.)
    O3 – Toolbar: Easy Photo Print – [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION – Epson Easy Photo Print (TBL x64).) — C:Program Files (x86)Epson SoftwareEasy Photo PrintEPTBL.dll
    O3 – Toolbar: (no name) – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll =>Toolbar.Google
    O3 – Toolbar: Ask Toolbar – [HKLM]{4F524A2D-5637-4300-76A7-7A786E7484D7} . (.APN LLC. – Passport.) — C:Program Files (x86)AskPartnerNetworkToolbarORJ-V7CPassport_x64.dll =>Toolbar.Ask
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [saint martin]: Lollipop.lnk . (…) — C:Userssaint martinAppDataLocalLollipoplollipop_06281841.exe (.not file.) =>Adware.Lollipop
    ~ Global Startup: 2 Legitimates Filtered in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – GSStartup [saint martin]: lollipop_06281841.lnk . (…) — C:Userssaint martinAppDataLocalLollipoplollipop_06281841.exe (.not file.) =>Adware.Lollipop
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [Easy-PrintToolBox] . (.CANON INC. – BJPSMAIN.) — C:Program Files (x86)CanonEasy-PrintToolBoxBJPSMAIN.exe
    O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
    O4 – HKCU..Run: [E09FXLRD_652302] C:Program Files (x86)Microsoft EncartaMicrosoft Encarta 2009 – Collection DVDEDICT.exe (.not file.)
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe
    O4 – HKCU..RunOnce: [Uninstall C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64] . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:Windowssystem32cmd.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [Hotkey Utility] . (.Pas de propriétaire – Hotkey Utility.) — C:Program Files (x86)Packard BellHotkey UtilityHotkeyUtility.exe
    O4 – HKLM..Wow6432NodeRun: [NWEReboot] Clé orpheline
    O4 – HKLM..Wow6432NodeRun: [ArcSoft Connection Service] . (.ArcSoft Inc. – ArcSoft Connect Daemon.) — C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [PivotSoftware] . (…) — C:Program Files (x86)Portrait DisplaysPivot Pro PluginPivot_startup.exe
    O4 – HKLM..Wow6432NodeRun: [DT ACR] . (.Portrait Displays, Inc. – DT_Startup.) — C:Program Files (x86)Common FilesPortrait DisplaysSharedDT_startup.exe
    O4 – HKLM..Wow6432NodeRun: [EEventManager] . (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe
    O4 – HKLM..Wow6432NodeRun: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited – Launch Agent Service.) — C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    O4 – HKLM..Wow6432NodeRun: [Nikon Message Center 2] . (.Nikon Corporation – Nikon Message Center 2.) — C:Program Files (x86)NikonNikon Message Center 2NkMC2.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKLM..Wow6432NodeRun: [ApnTBMon] . (.APN – Ask Toolbar Notifier.) — C:Program Files (x86)AskPartnerNetworkToolbarUpdaterTBNotifier.exe =>Toolbar.Ask
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2237735633-2641064963-615179137-1001..Run: [E09FXLRD_652302] C:Program Files (x86)Microsoft EncartaMicrosoft Encarta 2009 – Collection DVDEDICT.exe (.not file.)
    O4 – HKUSS-1-5-21-2237735633-2641064963-615179137-1001..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2237735633-2641064963-615179137-1001..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program Files (x86)TomTom HOME 2TomTomHOMERunner.exe
    O4 – HKUSS-1-5-21-2237735633-2641064963-615179137-1001..RunOnce: [Uninstall C:Userssaint martinAppDataLocalMicrosoftSkyDrive16.4.6013.0910amd64] . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:Windowssystem32cmd.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: Barre de recherche Encarta [64Bits] – {B205A35E-1FC4-4CE3-818B-899DBBB3388C} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{C4486AD5-0E1B-453B-A21B-8D4215B637CB}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS1ServicesTcpip..{C4486AD5-0E1B-453B-A21B-8D4215B637CB}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS2ServicesTcpip..{C4486AD5-0E1B-453B-A21B-8D4215B637CB}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 212.27.40.241 212.27.40.240
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. – APN Updater.) – C:Program Files (x86)AskPartnerNetworkToolbarapnmcp.exe =>Toolbar.Ask
    ~ Services: 23 Legitimates Filtered in 00mn 12s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [EPUpdater] (…) — C:Userssaint martinAppDataRoamingBABSOL~1SharedBabMaint.exe (.not file.) [0] =>Hijacker.BabSolution
    [MD5.00000000000000000000000000000000] [APT] [FGRun] (…) — C:Userssaint martinAppDataRoamingpack.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [SoftwareUpdateTaskMachineUA] (…) — C:Program Files (x86)SoftwareUpdateSoftwareUpdate.exe (.not file.) [0] =>Adware.Boxore
    [MD5.00000000000000000000000000000000] [APT] [{02CA44EC-4CC7-4EDE-A058-671C8FB55AE0}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{0B833C51-4EF9-4284-A560-0DD3045E947B}] (…) — C:Nouveau dossieraomwin200ea24.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{30F3B39B-B42D-420F-9067-519B14265830}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{3A217E2B-C115-4917-AE00-4B5111613210}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{44CD500C-6E7D-4667-83C6-7955752974EA}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{46E45BFD-B12F-4878-B8D6-30281D2256AE}] (…) — E:TWAINFRENCHSetup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{49925E6A-4177-4370-84D6-46B29838A034}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{5DA9791F-098C-4934-B288-3EE74D73E787}] (…) — E:Install.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{5E221895-816E-4037-8807-09CE7E8FC7EE}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{64C60372-F84E-48C5-A837-BEBBDECD0286}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{822A3598-4BA2-4A97-9698-F61835F6C3A3}] (…) — E:TWAINFRENCHSetup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{85E7F3E4-9342-4AB6-8523-E902CAE1CD3D}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{86CFA734-DE9F-4AC7-BAEE-13ED5AF1E526}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{8D6F2129-F308-4104-8CB9-80DAC4E5B464}] (…) — E:Setupx.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{938920FA-E1CF-4DFE-A494-E2FB9B225807}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{99D9FFD7-2BE9-4E90-819D-EEDB2FBA8992}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{9E4512CE-7598-4CCB-8ED5-544BE711EFFE}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{A3324CCB-56C4-416F-B939-A11B41153A09}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{A38E697E-F4A3-4697-B5C8-2DF64C1DDECC}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{AFA9B950-4E94-485B-92BB-598D26DDD609}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{C06A52B4-61AB-4A1B-A86B-FF9759CCD944}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{D1AF2C91-FF22-4B65-9DF0-CA694A113FC6}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{D6DE51AB-5281-492E-8985-B81AB1C2E0E1}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E12F53B4-EB1B-4663-B673-FE50B37F90FF}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E612E369-A844-491B-A498-A58043C98D71}] (…) — C:EPSONepson12242_twain5_driver_571asetup.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E8DC2188-E0C5-4430-B2F2-47D039DC3618}] (…) — E:SETUP.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E948F8F7-28ED-4B24-8EEF-309E5E1D4B5B}] (…) — E:SETUP.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1076]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1080]
    O39 – APT: SoftwareUpdateTaskMachineUA – (…) — C:WindowsTasksSoftwareUpdateTaskMachineUA.job [930]
    O39 – APT: SoftwareUpdateTaskMachineUA – (…) — C:WindowsSystem32TasksSoftwareUpdateTaskMachineUA [930]
    ~ Scheduled Task: 47 Legitimates Filtered in 00mn 03s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Ask Toolbar – (.APN, LLC.) [HKLM][64Bits] — {4F524A2D-5637-4300-76A7-A758B70C0A06} =>Adware.Bandoo
    O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM][64Bits] — {0E25BB07-62EB-476F-87FC-6AF426AB059E} =>Adware.Boxore
    ~ Logic: 44 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftware59ed78bb43bbe48] =>Hijacker.Eazel
    [HKCUSoftwareAskPartnerNetwork]
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareIncrediMail]
    [HKCUSoftwareiLivid] =>Adware.Bandoo
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKLMSoftwareAskPartnerNetwork]
    [HKLMSoftwareWow6432Node59ed78bb43bbe48] =>Hijacker.Eazel
    [HKLMSoftwareWow6432NodeAskPartnerNetwork]
    [HKLMSoftwareWow6432NodeBabylon] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeDatamngr] =>PUP.Datamngr
    [HKLMSoftwareWow6432NodeGuides]
    [HKLMSoftwareWow6432NodeHAL]
    [HKLMSoftwareWow6432NodeiLividSRTB] =>Adware.Bandoo
    ~ Key Software: 424 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 26/04/2014 – 16:55:30 – [] —-D C:Program Files (x86)AskPartnerNetwork
    O43 – CFD: 02/07/2013 – 08:59:40 – [0] —-D C:Program Files (x86)Boxore =>Adware.Boxore
    O43 – CFD: 10/09/2013 – 19:24:26 – [] —-D C:ProgramDataAPN
    O43 – CFD: 11/02/2012 – 09:05:04 – [] —-D C:ProgramDataAsk
    O43 – CFD: 26/04/2014 – 16:55:30 – [] —-D C:ProgramDataAskPartnerNetwork
    O43 – CFD: 13/04/2012 – 19:34:42 – [0] —-D C:ProgramDataBabylon =>PUP.Babylon
    O43 – CFD: 11/11/2011 – 11:34:55 – [] —-D C:ProgramDataboost_interprocess
    ~ 1125 Dossier CLSID vide (CLSID Empty Folder)
    ~ Program Folder: 1371 Legitimates Filtered in 00mn 13s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] – 01/05/2014 – 13:34:54 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208]
    O44 – LFC:[MD5.BD248BB67D0E4861570487774B1A8F0C] – 02/05/2014 – 18:37:36 —A- . (…) — C:Windowswininit.ini [479]
    ~ Files: 29 Legitimates Filtered in 00mn 01s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:01/05/2014 – 13:34:54 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:01/05/2014 – 13:34:55 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:01/05/2014 – 13:34:56 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [208416] =>.ALWIL Software
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/11/2009 – 11:02:50 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Driver.) — C:WindowsSystem32DriversemDevice64.sys [222016]
    O58 – SDL:10/11/2009 – 11:02:50 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Lower filter.) — C:WindowsSystem32DriversemFilter64.sys [12608]
    O58 – SDL:10/11/2009 – 11:02:50 —A- . (.eMPIA Technology, Inc. – USB 28xx WDM Upper Filter.) — C:WindowsSystem32Driversemscan64.sys [12352]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:30/04/2013 – 09:51:09 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40616]
    O58 – SDL:25/10/2007 – 16:26:10 —A- . (…) — C:WindowsSysWOW64driversStarOpen.sys [5632]
    O58 – SDL:31/03/2009 – 08:39:36 —A- . (.Teruten Inc – File System Mini Filter Drvier.) — C:WindowsSysWOW64driversTFsExDisk.Sys [16392]
    O58 – SDL:04/04/2007 – 09:30:12 —A- . (…) — C:WindowsSysWOW64Machnm32.sys [7432]
    ~ Drivers: 85 Legitimates Filtered in 00mn 00s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 01/05/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 90 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Delta Search) – http://www.delta-search.com =>Toolbar.DeltaSearch
    O69 – SBI: SearchScopes [HKCU] {70CE3298-0C22-4180-A979-D1E0646DB158} – (Ask Search) – http://www.search.ask.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “70BB52E0BE26F67478CFA64F62BA50E9” . (.Boxore Client.) — C:WindowsInstaller{0E25BB07-62EB-476F-87FC-6AF426AB059E}boxore.ico =>Adware.Boxore
    O90 – PUC: “7FD91B0E7C1B7394284CE0B4E1439656” . (.eBay Worldwide.) — c:WindowsInstaller{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}_6FEFF9B68218417F98F549.exe =>Toolbar.eBay
    O90 – PUC: “A81E737A17150D040843D72D34240018” . (.Software Updater.) — C:WindowsInstaller{A737E18A-5171-40D0-8034-7DD243420081}icon.ico =>PUP.Eorezo
    O90 – PUC: “D2A425F473650034677A7A857BC0A060” . (.Ask Toolbar.) — C:WindowsInstaller{4F524A2D-5637-4300-76A7-A758B70C0A06}ToolbarIcon.exe =>Toolbar.Ask
    ~ Update Products: 4 Legitimates Filtered in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKCUSoftware59ed78bb43bbe482.6.1519.190upd]:=”upd=1″ =>Hijacker.Eazel
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName=”BrowserDefender.dll” =>Hijacker.Eazel
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName=”BrowserDefender.exe” =>Hijacker.Eazel
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName=”BrowserDefender” =>Hijacker.Eazel
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName=”BrowserDefendert” =>PUA.BrowserDefendert
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version=”2.6.1339.144″ =>Hijacker.Eazel
    [HKLMSoftwareWow6432Node59ed78bb43bbe48] => Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.243F07CA5C356CDE711E3893E3849801] [WIS][26/03/2014] (.APN, LLC – Ask Toolbar.) — C:WindowsInstaller8ec277.msi [464384] =>Adware.Bandoo
    [MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][04/02/2012] (.Google Inc. – Google Toolbar for Internet Explorer.) — C:WindowsInstallerb9cb16.msi [28160] =>Toolbar.Google
    ~ WIS: 2 Legitimates Filtered in 00mn 01s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingGoogleToolbarNotifier_RASMANCS =>Toolbar.Google
    HKLMSOFTWAREWow6432NodeMicrosoftTracingiLividMediaBar_RASAPI32 =>Adware.Bandoo
    HKLMSOFTWAREWow6432NodeMicrosoftTracingiLividMediaBar_RASMANCS =>Adware.Bandoo
    HKLMSOFTWAREWow6432NodeMicrosoftTracingiLividSetup_RASAPI32 =>Adware.Bandoo
    HKLMSOFTWAREWow6432NodeMicrosoftTracingiLividSetup_RASMANCS =>Adware.Bandoo
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminentSetup_RASAPI32 =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminentSetup_RASMANCS =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingMyBabylonTB_RASAPI32 =>PUP.Babylon
    HKLMSOFTWAREWow6432NodeMicrosoftTracingMyBabylonTB_RASMANCS =>PUP.Babylon
    HKLMSOFTWAREWow6432NodeMicrosoftTracingSpybot – Search & Destroy distribue par GetNow_RASAPI32 =>PUP.GetNow
    HKLMSOFTWAREWow6432NodeMicrosoftTracingSpybot – Search & Destroy distribue par GetNow_RASMANCS =>PUP.GetNow
    ~ BTK: 287 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
    [HKCRCLSID{4F524A2D-5637-4300-76A7-7A786E7484D7}] (Ask Toolbar) =>Toolbar.Ask
    [HKCRCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
    ~ BCK: 4440 Legitimates Filtered in 00mn 05s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) – C:Program Files (x86)Common FilesResearch In MotionUSB DriversBbDevMgr.exe
    SS – | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) – C:Windowssystem32EscSvc64.exe
    SS – | Demand 09/11/2013 227936 | (GamesAppIntegrationService) . (.WildTangent.) – C:Program Files (x86)WildTangent GamesAppGamesAppIntegrationService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 27/08/2012 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
    SR – | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) – C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe
    SR – | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
    SR – | Auto 16/09/2011 39528 | (ADExchange) . (.ArcSoft Inc..) – C:Program Files (x86)Common FilesArcSoftesinterBineservutil.exe
    SR – | Auto 30/09/2010 169408 | (AdobeActiveFileMonitor9.0) . (.Adobe Systems Incorporated.) – c:Program Files (x86)AdobeElements 9 OrganizerPhotoshopElementsFileAgent.exe
    SR – | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 26/03/2014 166352 | (APNMCP) . (.APN LLC..) – C:Program Files (x86)AskPartnerNetworkToolbarapnmcp.exe =>Toolbar.Ask
    SR – | Auto 01/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 01/05/2014 109048 | (avast! Firewall) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastafwServ.exe
    SR – | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) – C:Program Files (x86)BonjourmDNSResponder.exe
    SR – | Auto 26/05/2011 129648 | (DTSRVC) . (.Portrait Displays, Inc..) – C:Program Files (x86)Common FilesPortrait DisplaysShareddtsrvc.exe
    SR – | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) – C:Program Files (x86)Common FilesEPSONEBAPIeEBSVC.exe
    SR – | Auto 21/02/2012 151648 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) – C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RPB.exe
    SR – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:Program Files (x86)Packard BellRegistrationGREGsvc.exe
    SR – | Auto 31/01/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) – C:Program FilesPackard BellPackard Bell UpdaterUpdaterService.exe
    SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) – C:Program Files (x86)NeroUpdateNASvc.exe
    SR – | Auto 08/03/2011 1002904 | (NVSvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
    SR – | Auto 05/05/2011 113264 | (PdiService) . (.Portrait Displays, Inc..) – C:Program Files (x86)Common FilesPortrait DisplaysDriverspdisrvc.exe
    SR – | Auto 08/03/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 27/08/2013 93072 | (TomTomHOMEService) . (.TomTom.) – C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 05s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (03/05/2014)
    Clés trouvées (Keys found) : 29
    Valeurs trouvées (Values found) : 4
    Dossiers trouvés (Folders found) : 9
    Fichiers trouvés (Files found) : 10

    [HKLMSYSTEMCurrentControlSetServicesAPNMCP] =>Toolbar.Ask^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{4F524A2D-5637-4300-76A7-A758B70C0A06}] =>Adware.Bandoo^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{0E25BB07-62EB-476F-87FC-6AF426AB059E}] =>Adware.Boxore^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
    [HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareWow6432NodeClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareWow6432NodeDataMngr] =>Adware.Bandoo
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKLMSoftwareWow6432NodeiLividSRTB] =>Adware.Bandoo
    [HKCUSoftwareilivid] =>Adware.Bandoo
    [HKLMSoftwareWow6432NodeMicrosoftTracingMyBabylontb_RASAPI32] =>PUP.Babylon
    [HKLMSoftwareWow6432NodeMicrosoftTracingMyBabylontb_RASMANCS] =>PUP.Babylon
    [HKLMSoftwareClassesProd.cap] =>PUP.Babylon
    [HKCUSoftwareAskPartnerNetwork] =>Toolbar.Ask
    [HKLMSoftwareAskPartnerNetwork] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeAskPartnerNetwork] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingapnstub_RASAPI32] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingapnstub_RASMANCS] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingaskpartnercobrandingtool_rasapi32] =>Toolbar.Ask
    [HKLMSoftwareWow6432NodeMicrosoftTracingaskpartnercobrandingtool_rasmancs] =>Toolbar.Ask
    [HKLMSoftwareClassesprotector_dll.protectorbho] =>PUP.BProtector
    [HKLMSoftwareClassesprotector_dll.protectorbho.1] =>PUP.BProtector
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks]:{D8278076-BC68-4484-9233-6E7F1628B56C} =>Toolbar.Ask^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:ApnTBMon =>Toolbar.Ask^
    [HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
    C:Program Files (x86)Boxore =>Adware.Boxore^
    C:ProgramDataBabylon =>PUP.Babylon^
    C:Program Files (x86)Software =>Adware.Boxore
    C:Program Files (x86)AskPartnerNetwork =>Toolbar.Ask
    C:ProgramDataAskPartnerNetwork =>Toolbar.Ask
    C:Userssaint martinAppDataLocalSoftware =>Adware.Boxore
    C:Userssaint martinAppDataLocalLowBabylonToolbar =>PUP.Babylon
    C:Userssaint martinAppDataLocalTempAskSearch =>Toolbar.AskBarDis
    C:Userssaint martinAppDataLocalTempBabylonToolbar =>PUP.Babylon
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareiLivid] =>Adware.Bandoo^
    [HKLMSoftwareWow6432NodeBabylon] =>PUP.Babylon^
    [HKLMSoftwareWow6432NodeDatamngr] =>PUP.Datamngr^
    [HKCUSoftware59ed78bb43bbe48history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName=”BrowserDefender.dll” =>Hijacker.Eazel^
    C:WindowsInstaller8ec277.msi =>Adware.Bandoo^
    C:WindowsInstallerb9cb16.msi =>Toolbar.Google^
    [HKCRCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
    [HKCRCLSID{4F524A2D-5637-4300-76A7-7A786E7484D7}] (Ask Toolbar) =>Toolbar.Ask^
    [HKCRCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
    ~ Additionnel Scan: 377831 Items scanned in 00mn 48s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
    http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
    http://nicolascoolman.byethost7.com/wordpress/adware-boxore/ =>Adware.Boxore
    http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
    http://nicolascoolman.byethost7.com/wordpress/pup-babylon/ =>PUP.Babylon
    http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
    http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    http://nicolascoolman.byethost7.com/wordpress/pup-eorezo/ =>PUP.Eorezo
    http://nicolascoolman.webs.com/apps/blog/show/35127313-pua-browserdefendert =>PUA.BrowserDefendert
    http://nicolascoolman.byethost7.com/wordpress/adware-imbooster/ =>Adware.IMBooster
    http://nicolascoolman.byethost7.com/wordpress/pup-getnow/ =>PUP.GetNow
    http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
    http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
    ~ MSI: 16 link(s) detected in 00mn 00s

    ~ 2093 Legitimates filtered by white list
    End of the scan (592 lines in 01mn 46s)(0)

    Thanks for your help

    Bruno

  • lilidurhone
    Post count: 0

    :super:

    We'll go step by step ;)

    1) AdwCleaner will take care of the adware ;)

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click it on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    2) JRT is complementary, so we'll run it too ;)

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Launch Junkware Removal Tool, using Run as administrator on Windows 7/8 and Vista
    • Press any key.

    • Once the scan is finished, go to the desktop; the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    3) Then update Mbam (you already have it ;) and run a “threats” scan

    Looking forward to your reply with the 3 reports ;)

  • bravoryo
    Participant
    Post count: 5

    Hello

    I just scanned the PC with AdwCleaner, but I disabled Antimalware because it was treating AdwCleaner as malware.

    Here is the scan report:

    # AdwCleaner v1.606 – Rapport créé le 04/05/2014 à 16:12:41
    # Mis à jour le 10/05/2012 par Xplode
    # Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d’utilisateur : saint martin – MAISON-PC
    # Exécuté depuis : C:\Users\saint martin\Desktop\adwcleaner-1.606-en.exe
    # Option [Recherche]

    ***** [Services] *****

    ***** [Fichiers / Dossiers] *****

    Dossier Présent : C:\Users\SAINTM~1\AppData\Local\Temp\APN
    Dossier Présent : C:\Users\SAINTM~1\AppData\Local\Temp\AskSearch
    Dossier Présent : C:\Users\SAINTM~1\AppData\Local\Temp\BabylonToolbar
    Dossier Présent : C:\Users\SAINTM~1\AppData\Local\Temp\Iminent
    Dossier Présent : C:\Users\SAINTM~1\AppData\Local\Temp\TempDir
    Dossier Présent : C:\Users\saint martin\AppData\LocalLow\BabylonToolbar
    Dossier Présent : C:\Users\saint martin\AppData\Roaming\Nosibay
    Dossier Présent : C:\ProgramData\APN
    Dossier Présent : C:\ProgramData\Ask
    Dossier Présent : C:\ProgramData\Babylon
    Dossier Présent : C:\Program Files (x86)\Boxore
    Dossier Présent : C:\Program Files (x86)\Iminent
    Dossier Présent : C:\Program Files (x86)\Nosibay
    Fichier Présent : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

    ***** [Registre] *****

    ***** [Registre – GUID] *****

    ***** [Navigateurs] *****

    -\ Internet Explorer v9.11.9600.16521

    [OK] Le registre ne contient aucune entrée illégitime.

    -\ Mozilla Firefox v [Impossible d’obtenir la version]

    -\ Google Chrome v34.0.1847.131

    Fichier : C:\Users\saint martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt – [9809 octets] – [04/05/2014 16:12:41]

    ########## EOF – C:\AdwCleaner[R1].txt – [9937 octets] ##########

    I didn't do the removal; should I, is it necessary?
    I'm continuing with Junkware
    Thanks for your help
    Bruno

  • lilidurhone
    Post count: 0

    # AdwCleaner v1.606 – Rapport créé le 04/05/2014 à 16:12:41
    # Mis à jour le 10/05/2012 par Xplode

    What is this obsolete version ^^

    Run it again and click Uninstall, then download it again using the link given in step 1 ;)

    I didn't do the removal; should I, is it necessary?

    Yes ;)

  • bravoryo
    Participant
    Post count: 5

    Good evening

    Here is the latest antimalware report:

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l’examen: 04/05/2014
    Heure de l’examen: 18:03:05
    Fichier journal: ANTIMALWARE.txt
    Administrateur: Oui

    Version: 2.00.1.1004
    Base de données Malveillants: v2014.05.04.04
    Base de données Rootkits: v2014.03.27.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Chameleon: Activé(e)

    Système d’exploitation: Windows 7 Service Pack 1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: saint martin

    Type d’examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 265181
    Temps écoulé: 20 min, 32 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Shuriken: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 73

    Valeurs du Registre: 5

    Données du Registre: 7

    Dossiers: 17

    Fichiers: 52
    PUP.Optional.Iminent.A, C:Program Files (x86)IminentToolbar1.8.28.3uninstall.exe, , [14eceb15c937738d1fc577f08b77eb15],
    PUP.Optional.Iminent.A, C:Userssaint martinAppDataRoamingIminentToolbarsqlite3.dll, , [758b4eb2f20eae5216a647220ef427d9],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0128.png, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_048.png, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0background.js, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0manifest.json, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0redirect.html, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0redirect.js, , [7d83c937d7296e9213964d2106fc40c0],
    PUP.Optional.BuenoSearch.A, C:Userssaint martinAppDataLocalGoogleChromeUser DataDefaultExtensionsacfoobbgoakpihljnfedbcfaipcdlfhk1.6.2_0Thumbs.db, , [7d83c937d7296e9213964d2106fc40c0],

    Secteurs physiques: 0
    (No malicious items detected)

    (end)

    Nothing serious?

    Many thanks

    Regards

    Bruno

  • lilidurhone
    Post count: 0

    Nothing serious?

    No ;) Did you quarantine everything?

    1) Adwcleaner is missing ;)

    2) JRT.txt is also missing ;)

    You will need to run zhpdiag again in full mode ;) after providing the 2 missing reports ;)

    Looking forward to your reply

The topic ‘berzerk.vbe’ is closed to new replies.