Incessant advertising pop-up windows 2014-09-08T08:46:39+00:00
  • Author
    Posts
  • Tiggy83
    Participant
    Post count: 18

    Hello,
    since yesterday I have had advertising windows opening non-stop, redirections to websites, update messages, etc... :E
    The ADW Cleaner – Malwarebytes and ZHPdiag reports are ready
    Thank you for your help

  • Anonymous
    Post count: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    The ADW Cleaner – Malwarebytes and ZHPdiag reports are ready

    Then pass them on to me for analysis, please :)

  • Tiggy83
    Participant
    Post count: 18

    Thanks for your help,
    ~ Report of ZHPDiag v2014.9.7.131 – Nicolas Coolman (07/09/2014)

    ~ Launched by herve (08/09/2014 10:24:58)
    ~ Web site address : http://nicolascoolman.fr
    ~ Web forum address : http://forum.nicolascoolman.fr
    ~ Translated by
    ~ Version State : Updated version.
    ~ White List : Activate by program
    ~ Elevation of privilege : OK
    ~ User Account Control : Deactivate by user

    —\ Internet browsers
    MSIE: Internet Explorer v11.0.9600.17239

    —\ Windows product information
    ~ Langage: Anglais
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 4
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ System protection software
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft Security Client v4.5.0216.0
    McAfee Security Scan Plus v3.8.150.1
    Windows Defender W7 (Deactivate)

    —\ System optimization software
    CCleaner v4.17

    —\ Sharing software PeerToPeer

    —\ Surveillance software
    Adobe Flash Player 14 ActiveX
    Adobe Reader XI

    —\ Information on the system
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 6050 MB (57% free)
    System Restore: Activé (Enable)
    System drive C: has 277 GB (59%) free of 466 GB

    —\ Connection to the system mode
    ~ Computer Name: JEANMARC-PC
    ~ User Name: herve
    ~ All Users Names: UpdatusUser, LoïsPark, HomeGroupUser$, herve, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Environment variables
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersherveAppDataRoamingZHP
    ~ %AppData% : C:UsersherveAppDataRoaming
    ~ %Desktop% : C:UsersherveDesktop
    ~ %Favorites% : C:UsersherveFavorites
    ~ %LocalAppData% : C:UsersherveAppDataLocal
    ~ %StartMenu% : C:UsersherveAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumeration of the disk units
    C: Hard drive, Flash drive, Thumb drive (Free 277 Go of 466 Go)
    D: CD-ROM drive (Not Inserted)

    —\ State of the Windows Security Center
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Search Generic System Files
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.8E71A5CB5312B8392D4DA4CA37BB5868] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.25/07/2014 – 11:52:06.) — C:WindowsSystem32wininet.dll [2266624]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Hidden files state (Hidden/Total)
    ~ Mes images (My Pictures) : 2/131
    ~ Mes musiques (My Musics) : 4/387
    ~ Mes Videos (My Videos) : 2/4
    ~ Mes Favoris (My Favorites) : 1/29
    ~ Mes Documents (My Documents) : 1/786
    ~ Mon Bureau (My Desktop) : 2/33
    ~ Menu demarrer (Programs) : 1/37
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Process running
    [MD5.BC3DA234CDA880578526DAB028F40268] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305792] [PID.3632]
    [MD5.F05FC2C0FECF55B05351AA760166F18F] – (.ASUS – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [5716608] [PID.3724]
    [MD5.CC78200C3ECFFA178E78308A0E160D80] – (.Akamai Technologies, Inc. – Akamai NetSession Client.) — C:UsersherveAppDataLocalAkamainetsession_win.exe [4672920] [PID.3832]
    [MD5.CD061DDA01887868A5F44EE7BEBCCFDF] – (.BitTorrent Inc. – µTorrent.) — C:UsersherveDownloadsuTorrent.exe [1936208] [PID.3816] =>P2P.BitTorrent
    [MD5.EAA666E9DD8DCDA6E075087091CB85EE] – (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe [275072] [PID.3736]
    [MD5.C180E890FFE0FDED8306427D3C836AF2] – (.Hewlett-Packard Co. – HP CUE Status Root.) — C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe [174952] [PID.4956]
    [MD5.B29A08A0CB56CD5A4B9C53A011819657] – (.Hewlett-Packard Co. – HP CUE Alert Popup Window Objects.) — C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe [565096] [PID.5016]
    [MD5.66BB5B07696219FA334452D6F51FD648] – (.Hewlett-Packard – GPCore COM object.) — C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe [366720] [PID.5068]
    [MD5.0706DDBD4EA0D122CA069FF2552E20FD] – (.Google Inc. – Google Chrome.) — C:UsersherveAppDataLocalGoogleChromeApplicationchrome.exe [852808] [PID.3032]
    [MD5.1C28DFD14BB7F0C55F0FD409AF6824C8] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8101888] [PID.3744]
    [MD5.18E5C2F937F9DEB8C282DF66A3761925] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [84536] [PID.1620]
    [MD5.B33CF4DE909A5B30F526D82053A63C8E] – (.ABBYY – ABBYY network license server.) — C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe [759048] [PID.2020]
    [MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.1836]
    [MD5.221564CC7BE37611FE15EACF443E1BF6] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.572]
    [MD5.5DC2F453E0A89515096CF0EA8E46C10D] – (.ASUS – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [166528] [PID.3896]
    [MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3944]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.2828]
    [MD5.1F35EFEC56CD1BF62435EAF97EABC3B3] – (.Intel Corporation – IAStorDataSvc.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [13632] [PID.1928]
    [MD5.E70FD0D2C95F559A17321D831875593D] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [277824] [PID.5752]
    [MD5.C485FB802F6C4A306B8F89BA087E5CA2] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [365376] [PID.3036]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
    C:UsersherveAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5023, (Désactivé)
    G2 – GCE: Preference [User DataDefault] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.2.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [keoppklbljbnecjcpehjlmdcdibpdclf] ThunderQQDownload FlashGet Files Downloader Pro v.222 (Activé)
    G2 – GCE: Preference [User DataDefault] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

    —\ Google Chrome Extension Folder
    ~ Google Lines Browser: 20 Legitimates Filtered in 00mn 23s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride =
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Line Analysis F0, F1, F2, F3 – IniFiles, Auto loading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    O1 – Hosts: 74.113.152.32 istockphoto.com
    O1 – Hosts: 208.94.0.38 yfrog.com
    O1 – Hosts: 123.125.50.22 126.com
    O1 – Hosts: 174.36.28.11 SlideShare.com
    O1 – Hosts: 213.238.60.190 xing.com
    O1 – Hosts: 59.106.98.139 seesaa.net
    O1 – Hosts: 184.72.253.170 hootsuite.com
    O1 – Hosts: 211.151.146.16 soku.com
    O1 – Hosts: 72.32.120.222 metacafe.com
    O1 – Hosts: 204.11.109.133 tribalfusion.com
    O1 – Hosts: 207.154.14.31 tripadvisor.com
    O1 – Hosts: 216.52.240.133 ustream.tv
    O1 – Hosts: 174.36.244.132 linkwithin.com
    O1 – Hosts: 121.67.203.61 scan.novirusthanks.org
    O1 – Hosts: 209.172.34.139 imagevenue.com
    O1 – Hosts: 91.206.232.220 booking.com
    O1 – Hosts: 118.69.251.6 vnexpress.net
    O1 – Hosts: 208.85.40.80 pandora.com
    O1 – Hosts: 194.116.241.57 softonic.com =>Toolbar.Conduit
    O1 – Hosts: 208.83.243.15 match.com
    O1 – Hosts: 202.57.69.84 nwt.com
    O1 – Hosts: 65.11.53.80 nttnavi.com
    O1 – Hosts: 72.51.41.235 nrk.no
    O1 – Hosts: 110.16.19.157 nozonedata.com
    O1 – Hosts: 76.106.43.251 nachtagenten.com
    O1 – Hosts: 195.82.124.124 musicmatch.com
    O1 – Hosts: 70.52.56.163 moscowtimes.com
    O1 – Hosts: 124.217.235.76 gsn.com
    O1 – Hosts: 61.178.63.198 mgd.com
    O1 – Hosts: 174.142.24.205 mediastorm.hu
    […]
    ~ Nombre lignes détournées 62/86 (Hosts file redirected)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Auto loading programs from Registry and folders (O4)
    O4 – HKCU..Run: [Google Update] C:UsersherveAppDataLocalGoogleUpdateGoogleUpdate.exe (.not file.)
    O4 – HKCU..Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. – Akamai NetSession Client.) — C:UsersherveAppDataLocalAkamainetsession_win.exe
    O4 – HKCU..Run: [OfficeSyncProcess] C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.exe (.not file.)
    O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:UsersherveDownloadsuTorrent.exe =>P2P.BitTorrent
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1745071681-4156302664-3035693787-1000..Run: [Google Update] C:UsersherveAppDataLocalGoogleUpdateGoogleUpdate.exe (.not file.)
    O4 – HKUSS-1-5-21-1745071681-4156302664-3035693787-1000..Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. – Akamai NetSession Client.) — C:UsersherveAppDataLocalAkamainetsession_win.exe
    O4 – HKUSS-1-5-21-1745071681-4156302664-3035693787-1000..Run: [OfficeSyncProcess] C:Program Files (x86)Microsoft OfficeOffice14MSOSYNC.exe (.not file.)
    O4 – HKUSS-1-5-21-1745071681-4156302664-3035693787-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1745071681-4156302664-3035693787-1000..Run: [uTorrent] . (.BitTorrent Inc. – µTorrent.) — C:UsersherveDownloadsuTorrent.exe =>P2P.BitTorrent
    ~ Application: Scanned in 00mn 00s

    —\ Lop.com/Domain Hijackers (O17)
    O17 – HKLMSystemCCSServicesTcpip..{50930270-F4AB-47D0-AD77-559A6DE1ED32}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{50930270-F4AB-47D0-AD77-559A6DE1ED32}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{50930270-F4AB-47D0-AD77-559A6DE1ED32}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Extra protocols (O18)
    O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ AppInit_DLLs Registry value Autorun (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ SharedTaskScheduler (O22)
    O22 – SharedTaskScheduler: (no name) [64Bits] – {E31004D1-A431-41B8-826F-E902F9D95C81} – (.not file.)
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Task Planned Automatically (039)
    [MD5.C78234DCAFDA1C5D4440977DF9A39F51] [APT] [ROC_REG_JAN_DELETE] (…) — C:ProgramDataAVG January 2013 CampaignROC.exe [1234000]
    [MD5.00000000000000000000000000000000] [APT] [{7076D8E0-A954-403F-98D0-150200FA1B0A}] (…) — C:UsersherveAppDataRoamingwebssearchesUninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
    [MD5.00000000000000000000000000000000] [APT] [{F648EA41-290D-422E-8B0F-7C0CC609F4F0}] (…) — C:Program Files (x86)InstallShield Installation Information{BE4BA698-8533-4F77-9559-C7F3F78C0B05}setup.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-1745071681-4156302664-3035693787-1000Core [1026]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-1745071681-4156302664-3035693787-1000UA [1078]
    O39 – APT: ROC_REG_JAN_DELETE – (…) — C:WindowsTasksROC_REG_JAN_DELETE.job [300]
    O39 – APT: ROC_REG_JAN_DELETE – (…) — C:WindowsSystem32TasksROC_REG_JAN_DELETE [300]
    ~ Scheduled Task: 16 Legitimates Filtered in 00mn 03s

    —\ Software installed (O42)
    O42 – Logiciel: MPEG2 Codec(libmpeg2/mad) – (…) [HKLM][64Bits] — MPEG2 Codec(libmpeg2/mad)
    ~ Logic: 10 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWow6432NodeMaxPower]
    [HKLMSoftwareWow6432NodeR.G. Beautiful Thieves]
    [HKLMSoftwareWow6432NodeShortcut_Module]
    ~ Key Software: 296 Legitimates Filtered in 00mn 00s

    —\ Contents of the Common Files folders (O43)
    O43 – CFD: 07/09/2014 – 18:27:46 – [0] —-D C:Program Files (x86)Elex-tech
    O43 – CFD: 21/04/2014 – 11:22:30 – [] —-D C:ProgramDataADI
    O43 – CFD: 05/09/2014 – 11:17:15 – [] —-D C:ProgramDatab542b37a827f068c
    O43 – CFD: 21/05/2014 – 22:48:18 – [] —-D C:UsersherveAppDataLocalcom
    ~ Program Folder: 241 Legitimates Filtered in 00mn 01s

    —\ Last modified or created files under Windows and System32 (O44)
    O44 – LFC:[MD5.EC94FEC365B45EE1A96B6B054B16E6B8] – 03/09/2014 – 13:11:39 —A- . (…) — C:Windowswin.ini [513]
    O44 – LFC:[MD5.495F529953C3CD5344DEC42A62DD56B9] – 03/09/2014 – 13:14:27 —A- . (…) — C:Windowshpoins47.dat [208186]
    ~ Files: 19 Legitimates Filtered in 00mn 49s

    —\ Microsoft Windows Policies System (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Microsoft Windows Policies Explorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ System Drivers List (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:13/12/2012 – 13:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    ~ Drivers: 61 Legitimates Filtered in 00mn 01s

    —\ Last modified or created user files (O61)
    O61 – LFC: 02/09/2014 – 10:26:49 —A- . (…) — C:UsersherveAppDataLocalGoogleUpdate Download{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}37.0.2062.10337.0.2062.103_36.0.1985.143_chrome_updater.exe [7235664]
    O61 – LFC: 05/09/2014 – 10:26:48 —A- . (…) — C:UsersherveAppDataLocalGoogleChromeUser DataWidevineCDM1.4.5.671_platform_specificwin_x86widevinecdm.dll [7489352]
    O61 – LFC: 05/09/2014 – 10:27:12 —A- . (…) — C:UsersherveDownloadsadwcleaner_3.309.exe [1370467]
    O61 – LFC: 08/09/2014 – 10:26:47 —A- . (…) — C:UsersherveAppDataLocalGoogleChromeUser Datanacl_validation_cache.bin [416]
    ~ 70 Fichiers temporaires (Temporary files)
    ~ 31 Fichiers cookies (Cookies files)
    ~ Files: 12 Legitimates Filtered in 00mn 47s

    —\ List all tools cleaner (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ File Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Start Menu Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program Files (x86)GoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersherveAppDataLocalGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Search Browser Infection (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {8028B484-50DE-4810-A80F-BC94C3810D03} – (Mysearchdial) – http://start.mysearchdial.com =>Adware.MyWebSearch
    ~ Keys: Scanned in 00mn 00s

    —\ Search Particular Root Folder (SPRF) (O84)
    [MD5.9149E19DB451DF6C7735942DC71451C8] [SPRF][21/12/2009] (.No owner – asusTek_sys_ctrl Module.) — C:WindowsDownloaded Program FilesasusTek_sys_ctrl.dll [139776]
    ~ Files: 5 Legitimates Filtered in 00mn 00s

    —\ Firewall Active Exception List (FirewallRules) (O87)
    O87 – FAEL: “{2C1E877A-74E1-42AD-BF63-A4D7E6BFAD3F}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersherveDownloadsuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{B295FDE1-A0A1-4312-99D2-2AB7FBB34A18}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersherveDownloadsuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 2 Legitimates Filtered in 00mn 02s

    —\ Search Tracing Registry Key (O100)
    HKLMSOFTWAREMicrosoftTracingNewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
    HKLMSOFTWAREMicrosoftTracingNewPlayerUpdater_RASMANCS =>Adware.NewPlayer
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent_RASAPI32 =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBitTorrent_RASMANCS =>P2P.BitTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBrowserSafeguard_RASAPI32 =>PUP.BrowserSafeguard
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBrowserSafeguard_RASMANCS =>PUP.BrowserSafeguard
    HKLMSOFTWAREWow6432NodeMicrosoftTracingEnhanceTronic_RASAPI32 =>PUP.EnhanceTronic
    HKLMSOFTWAREWow6432NodeMicrosoftTracingEnhanceTronic_RASMANCS =>PUP.EnhanceTronic
    HKLMSOFTWAREWow6432NodeMicrosoftTracingupdateEnhanceTronic_RASAPI32 =>PUP.EnhanceTronic
    HKLMSOFTWAREWow6432NodeMicrosoftTracingupdateEnhanceTronic_RASMANCS =>PUP.EnhanceTronic
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent (1)_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent (1)_RASMANCS =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREWow6432NodeMicrosoftTracinguTorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 236 Legitimates Filtered in 00mn 00s

    —\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SS – | Demand 11/07/2012 276288 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SS – | Demand 03/08/2012 427672 | (maconfservice) . (.CybelSoft.) – C:Program Filesma-config.comx64maconfservice.exe
    SS – | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.150McCHSvc.exe
    SS – | Demand 02/05/2011 340240 | (MyWiFiDHCPDNS) . (…) – C:Program FilesIntelWiFibinPanDhcpDns.exe
    SS – | Auto 29/06/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) – C:Program Files (x86)Common FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe
    SR – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 03/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 15/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 02/05/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
    SR – | Demand 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)HPDigital ImagingbinHPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 30/05/2012 13632 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 19/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) – c:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 29/06/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 02/05/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
    SR – | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe
    SR – | Auto 19/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 11s

    —\ Search Master Boot Record Infection (MBR)(O80)
    Run by herve at 08/09/2014 10:28:39
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Search Master Boot Record Infection (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by herve at 08/09/2014 10:28:41
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (07/09/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 1

    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:uTorrent =>P2P.BitTorrent^
    C:Program Files (x86)YouTube Downloader =>PUP.Dealio
    C:ProgramDataYouTube Downloader =>PUP.Dealio
    C:ProgramDataAVG January 2013 Campaign =>Toolbar.AVGSearch
    C:UsersherveDownloadsuTorrent.exe =>P2P.BitTorrent^
    ~ Additionnel Scan: 353329 Items scanned in 00mn 35s

    —\ Additional information about modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
    ~ AMI: 3 Legitimates Filtered in 00mn 00s

    —\ Summary of the detections found on your workstation
    http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
    http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
    http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
    http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
    http://nicolascoolman.fr/pup-enhancetronic =>PUP.EnhanceTronic
    http://nicolascoolman.fr/pup-dealio =>PUP.Dealio
    ~ MSI: 6 link(s) detected in 00mn 00s

    ~ 852 Legitimates filtered by white list
    End of the scan (491 lines in 04mn 19s)(0)

    # AdwCleaner v3.309 – Report created 08/09/2014 at 09:44:35
    # Updated 02/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : herve – JEANMARC-PC
    # Running from : C:\Users\herve\Downloads\adwcleaner_3.309.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Browsers ] *****

    -\ Internet Explorer v11.0.9600.17239

    -\ Google Chrome v

    [ File : C:\Users\herve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1409908674&from=wpc&uid=WDCXWD5000BPVT-80HXZT3_WD-WXV1CB1J0792J0792&q={searchTerms}

    *************************

    AdwCleaner[R0].txt – [4975 bytes] – [10/12/2013 23:31:01]
    AdwCleaner[R10].txt – [2201 bytes] – [07/09/2014 17:48:56]
    AdwCleaner[R11].txt – [2323 bytes] – [07/09/2014 18:08:12]
    AdwCleaner[R12].txt – [2792 bytes] – [07/09/2014 22:19:57]
    AdwCleaner[R13].txt – [2407 bytes] – [08/09/2014 09:43:23]
    AdwCleaner[R1].txt – [2304 bytes] – [08/02/2014 22:23:54]
    AdwCleaner[R2].txt – [2678 bytes] – [13/02/2014 22:26:54]
    AdwCleaner[R3].txt – [1152 bytes] – [13/02/2014 22:32:46]
    AdwCleaner[R4].txt – [1748 bytes] – [05/03/2014 23:49:38]
    AdwCleaner[R5].txt – [15609 bytes] – [21/05/2014 23:08:57]
    AdwCleaner[R6].txt – [1641 bytes] – [29/05/2014 10:42:48]
    AdwCleaner[R7].txt – [12673 bytes] – [19/08/2014 13:50:51]
    AdwCleaner[R8].txt – [14347 bytes] – [05/09/2014 11:38:08]
    AdwCleaner[R9].txt – [2080 bytes] – [07/09/2014 12:27:32]
    AdwCleaner[S0].txt – [4821 bytes] – [10/12/2013 23:35:16]
    AdwCleaner[S10].txt – [2266 bytes] – [07/09/2014 17:50:29]
    AdwCleaner[S11].txt – [2388 bytes] – [07/09/2014 18:10:06]
    AdwCleaner[S12].txt – [2862 bytes] – [07/09/2014 22:21:10]
    AdwCleaner[S13].txt – [1947 bytes] – [08/09/2014 09:44:35]
    AdwCleaner[S1].txt – [2232 bytes] – [08/02/2014 22:27:39]
    AdwCleaner[S2].txt – [1846 bytes] – [13/02/2014 22:29:33]
    AdwCleaner[S3].txt – [1214 bytes] – [13/02/2014 22:34:10]
    AdwCleaner[S4].txt – [1822 bytes] – [05/03/2014 23:52:02]
    AdwCleaner[S5].txt – [13174 bytes] – [21/05/2014 23:10:18]
    AdwCleaner[S6].txt – [1704 bytes] – [29/05/2014 10:47:11]
    AdwCleaner[S7].txt – [12143 bytes] – [19/08/2014 13:54:16]
    AdwCleaner[S8].txt – [13012 bytes] – [05/09/2014 11:39:30]
    AdwCleaner[S9].txt – [2143 bytes] – [07/09/2014 13:10:22]

    ########## EOF – C:\AdwCleaner\AdwCleaner[S13].txt – [2551 bytes] ##########

    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Scan Date: 08/09/2014
    Scan Time: 09:54:59
    Logfile: malware.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.08.01
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: herve

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 437793
    Time Elapsed: 15 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Disabled
    Rootkits: Enabled
    Heuristics: Disabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.OptimunInstaller, C:\Users\herve\Downloads\Non confirmé 400273.crdownload, , [504923a67b009e985e7e252421df4db3],

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Thanks
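    The AdwCleaner report above shows where a search hijacker such as webssearches actually lives in Chrome: the default search provider inside the profile's `Preferences` JSON file. The script below is an added example, not part of this thread and not AdwCleaner's or Chrome's own code: it parses a `Preferences` file, reports a default search engine, homepage or startup page whose host is outside a trusted list, and lists extensions that were not installed by the user from the Web Store (the thread's "Downloader Pro" extension was such a case). It goes slightly beyond the log by also checking homepage and startup URLs, which the same hijackers usually set. Assumptions: the JSON key names follow Chrome's profile layout (`default_search_provider` / `default_search_provider_data`, `homepage`, `session.startup_urls`, `extensions.settings.<id>.location` and `from_webstore`), the `location` codes are Chrome's `Manifest::Location` values (2 external pref, 3 external registry, 4 unpacked, 6 external pref download), and the trusted host list and sample profile are constructed.

```python
"""Audit a Chrome 'Preferences' file for a hijacked search engine / start page
and for sideloaded extensions.

Added example, not from the SosVirus thread, AdwCleaner or Chrome. Assumptions:
JSON key names as in Chrome's profile; 'location' codes per Manifest::Location
(2 = external pref, 3 = external registry, 4 = unpacked, 6 = external pref download);
TRUSTED_HOSTS and SAMPLE_PREFS are constructed for the demonstration.
"""
import json
import sys
from urllib.parse import urlparse

# Search/start hosts this machine is expected to use (assumption: adjust per site).
TRUSTED_HOSTS = {"www.google.com", "www.google.fr", "www.bing.com", "duckduckgo.com"}

# Install locations meaning "dropped in by another program", not the Web Store.
SIDELOAD_LOCATIONS = {2, 3, 4, 6}


def host_of(url):
    """Lower-cased host part of a URL; '' when the URL is empty or has no host."""
    return (urlparse(url or "").hostname or "").lower()


def audit_preferences(prefs):
    """Return a dict of findings for one parsed Preferences file."""
    # Chrome has stored the default engine under two keys over time; check both.
    search_url = (
        prefs.get("default_search_provider_data", {}).get("template_url_data", {}).get("url")
        or prefs.get("default_search_provider", {}).get("search_url")
        or ""
    )
    search_host = host_of(search_url)
    findings = {
        "search_url": search_url,
        "search_host": search_host,
        "search_hijacked": bool(search_host) and search_host not in TRUSTED_HOSTS,
        "untrusted_start_pages": [],
        "suspicious_extensions": [],
    }
    # Homepage and "open these pages on startup" are set by the same hijackers.
    start_urls = [prefs.get("homepage", "")] + list(prefs.get("session", {}).get("startup_urls", []))
    for url in start_urls:
        h = host_of(url)
        if h and h not in TRUSTED_HOSTS:
            findings["untrusted_start_pages"].append(url)
    # Extensions: flag anything not installed by the user from the Web Store.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        reasons = []
        if ext.get("location") in SIDELOAD_LOCATIONS:
            reasons.append("location=%s (sideloaded)" % ext["location"])
        if ext.get("from_webstore") is False:
            reasons.append("not from the Web Store")
        if reasons:
            name = ext.get("manifest", {}).get("name", "?")
            findings["suspicious_extensions"].append((ext_id, name, "; ".join(reasons)))
    return findings


def audit_file(path):
    """Load a Preferences file from disk (Chrome writes UTF-8 JSON) and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample mirroring the istart.webssearches.com hijack and the
# sideloaded "downloader" extension seen in this thread; the second extension
# id is a placeholder for a normal Web Store install.
SAMPLE_PREFS = {
    "default_search_provider": {
        "search_url": "http://istart.webssearches.com/web/?type=ds&from=wpc&q={searchTerms}"
    },
    "homepage": "http://istart.webssearches.com/",
    "session": {"startup_urls": ["http://istart.webssearches.com/", "https://www.google.fr/"]},
    "extensions": {"settings": {
        "keoppklbljbnecjcpehjlmdcdibpdclf": {
            "location": 3, "from_webstore": False,
            "manifest": {"name": "ThunderQQDownload FlashGet Files Downloader Pro"}},
        "abcdefghijklmnopabcdefghijklmnop": {
            "location": 1, "from_webstore": True,
            "manifest": {"name": "Example Web Store extension (constructed)"}},
    }},
}

if __name__ == "__main__":
    result = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_preferences(SAMPLE_PREFS)
    print(json.dumps(result, indent=2))
```

    Run it against a copy of `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences` taken while Chrome is closed; a hit on `search_hijacked` together with a sideloaded extension is the same picture AdwCleaner and OTL cleaned up here, and the extension id in the output is the folder to look for under `Extensions\`.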

  • Anonymous
    Post count: 0

    Uninstall the following program(s):

    • The McAfee products

    • Download RstHosts
    • Save the file to your desktop.
    • Run RstHosts and click [Restore]

    • Select and copy the following script:

      Script ZHPFix
      C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio
      C:\ProgramData\YouTube Downloader =>PUP.Dealio
      C:\ProgramData\AVG January 2013 Campaign =>Toolbar.AVGSearch
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
      [MD5.C78234DCAFDA1C5D4440977DF9A39F51] [APT] [ROC_REG_JAN_DELETE] (...) -- C:\ProgramData\AVG January 2013 Campaign\ROC.exe [1234000]
      [MD5.00000000000000000000000000000000] [APT] [{7076D8E0-A954-403F-98D0-150200FA1B0A}] (...) -- C:\Users\herve\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
      [MD5.00000000000000000000000000000000] [APT] [{F648EA41-290D-422E-8B0F-7C0CC609F4F0}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe (.not file.) [0]
      O39 - APT: ROC_REG_JAN_DELETE - (...) -- C:\Windows\Tasks\ROC_REG_JAN_DELETE.job [300]
      O39 - APT: ROC_REG_JAN_DELETE - (...) -- C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE [300]
      [HKLM\Software\Wow6432Node\Shortcut_Module]
      O43 - CFD: 05/09/2014 - 11:17:15 - [] ----D C:\ProgramData\b542b37a827f068c
      O69 - SBI: SearchScopes [HKCU] {8028B484-50DE-4810-A80F-BC94C3810D03} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
      firewallraz
      emptyclsid
      emptyprefetch
      EmptyCLSID
      Emptytemp
      EmptyFlash
      ShortcutFix
    • Run ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click Import
      2. The lines you copied should now be pasted into the box
      3. If so, click "GO"

    • Confirm the data cleanup by clicking "Yes"
    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created there.
    • Upload the ZHPFixReport file to SosUpload, then copy/paste the link you get in your next reply.
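    The RstHosts step in the post above restores the stock Windows `hosts` file because adware and hijackers often plant entries there: either pinning a search engine or bank to an attacker address, or black-holing security vendors' sites so the victim cannot update or download a scanner. The script below is an added example, not part of this thread and not RstHosts' own code: it parses a hosts file and reports exactly those two kinds of entries while leaving ordinary ad-block style `0.0.0.0`/`127.0.0.1` lines alone. Assumptions: the standard "address, one or more names, optional `#` comment" layout, the protected-domain list is a starting point to extend, and the sample text is constructed.

```python
"""Audit a Windows hosts file for entries an adware or search hijacker may have planted.

Added example, not from the SosVirus thread and not RstHosts' own code (RstHosts
simply restores the stock file). Assumptions: standard hosts layout, the
PROTECTED_DOMAINS list is a starting point, SAMPLE_HOSTS is constructed.
"""
import ipaddress
import sys

# Stock Windows location (assumption: %SystemRoot% is C:\Windows).
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names that legitimately map to loopback in a stock file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains adware likes to black-hole so the victim cannot update or fetch a scanner.
PROTECTED_DOMAINS = ("microsoft.com", "windowsupdate.com", "malwarebytes.org", "avg.com", "mcafee.com")


def is_protected(name):
    """True if name is one of PROTECTED_DOMAINS or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def parse_hosts(text):
    """Yield (line_no, address, [names]) for each active mapping; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        fields = body.split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return [(line_no, address, name, reason), ...] for suspicious mappings."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "address does not parse"))
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES and ip.is_loopback:
                continue  # the stock "127.0.0.1 localhost" / "::1 localhost" lines
            if ip.is_loopback or ip.is_unspecified:
                # Black-holing is normal for ad-block lists; only flag it for sites
                # the victim needs to reach to get updates or a scanner.
                if is_protected(name):
                    findings.append((line_no, addr, name, "security/update site black-holed"))
            else:
                # Any real address here overrides DNS for that name: classic pharming.
                findings.append((line_no, addr, name, "name pinned to a non-loopback address"))
    return findings


def audit_file(path=HOSTS_PATH):
    """Audit a hosts file on disk; errors='replace' copes with the odd non-UTF-8 byte."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: the stock lines, an ad-block style entry that is left alone,
# and two planted lines of the kind a cleanup tool reverts.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # harmless black-hole of an ad host
127.0.0.1       www.malwarebytes.org   # planted: scanner download site black-holed
203.0.113.7     www.google.fr          # planted: search engine redirected to an attacker host
"""

if __name__ == "__main__":
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_hosts(SAMPLE_HOSTS)
    for line_no, addr, name, reason in results:
        print("line %d: %s -> %s: %s" % (line_no, name, addr, reason))
```

    Run it with the path to the hosts file (or a copy taken from the infected machine) as the only argument; the stock file produces no findings, and anything it does report is what a restore tool such as RstHosts would have wiped, so the output tells you what the infection was trying to achieve before you overwrite the evidence.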
  • Tiggy83
    Participant
    Post count: 18

    ^^' Here it is! ;)
    https://antimalware.top/www/?a=d&i=qBBa1rQfrf

  • Anonymous
    Post count: 0

    We are going to run a diagnostic of your computer:

    • Download OTL by Old_Timer and save it to the Desktop
    • Close all other windows and double-click OTL.exe
    • On Vista and Windows 7, the file must be launched with right-click -> Run as administrator.
    • Check that the boxes All Users, LOP Check and Purity Check are ticked.
    • In the Custom Scans/Fixes box, copy and paste everything below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %windir%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    services.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    CREATERESTOREPOINT
    nslookup http://www.google.fr /c
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    SAVEMBR:0

    • Click Run Scan

    • Once the scan is finished, one or two reports will open: OTL.txt and Extras.txt.
    • Upload the OTL.txt and Extras.txt reports to cjoint.com, then copy/paste the link you get in your next reply on the forum

      Note: if needed, you can find them in the C:\OTL folder or on your desktop, depending on the case.

  • Tiggy83
    Participant
    Post count: 18

    Here is the link, but I only have this one! :(

    http://cjoint.com/?DIimGBPzhiM

    I also copied for you what is in the Custom Scans window:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    nslookup http://www.google.fr /c
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

    Thanks

  • Tiggy83
    Participant
    Post count: 18

    Oops, sorry!
    Here is the 2nd one!!!

    http://cjoint.com/?DIimMc9LFil

    :( :( :( :( :( :(

  • Anonymous
    Post count: 0

    OK,

    How is the PC doing, still having problems?

    • To delete the temporary files:
    • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
    • Run SFTGC (run as administrator on Windows 7/8 and Vista)
    • Click GO

      Note: a report will open at the end

    • Once the scan is finished, go to the desktop; the SFTGC.txt file has been created there.
    • Upload the SFTGC.txt report to SosUpload, then copy/paste the link you get in your next reply on the forum
  • Tiggy83
    Participant
    Post count: 18

    The windows still open just as much, but further apart in time :electriksock:

    The link: https://antimalware.top/www/?a=d&i=Vi3WbXUiMF

    :merci2:

  • Anonymous
    Post count: 0

    Uninstall: GOM Player

    • Run OTL again.
    • Under Custom Scans/Fixes, copy and paste the contents of the box below (make sure to include :OTL at the start).

      :OTL
      CHR – Extension: ThunderQQDownload FlashGet Files Downloader Pro = C:\Users\herve\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoppklbljbnecjcpehjlmdcdibpdclf\222
      O2:64bit: – BHO: (no name) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – No CLSID value found.
      O2:64bit: – BHO: (no name) – {9030D464-4C02-4ABF-8ECC-5164760863C6} – No CLSID value found.
      O2:64bit: – BHO: (Java(tm) Plug-In 2 SSV Helper) – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 – BHO: (no name) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – No CLSID value found.
      O2 – BHO: (no name) – {9030D464-4C02-4ABF-8ECC-5164760863C6} – No CLSID value found.
      O3:64bit: – HKLM..Toolbar: (no name) – 10 – No CLSID value found.
      O3 – HKLM..Toolbar: (no name) – 10 – No CLSID value found.
      O21:64bit: – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.

      :files
      C:\Users\herve\AppData\Roaming\Pinnacle Pixie Activation 500.exe
      C:\ProgramData\TEMP:ECF3C50F
      C:\Users\herve\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe

      :Commands
      [emptytemp]
      [emptyflash]
      [reboot]

    • Click Run Fix; a report will appear, copy/paste its contents here:
    • Restart the PC and post the report in your next reply.
    • The report is saved under C:\_OTL\MovedFiles\date_time.log
  • Tiggy83
    Participant
    Post count: 18

    All processes killed
    ========== OTL ==========
    C:\Users\herve\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoppklbljbnecjcpehjlmdcdibpdclf\222 folder moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
    ========== FILES ==========
    C:\Users\herve\AppData\Roaming\Pinnacle Pixie Activation 500.exe moved successfully.
    File\Folder C:\ProgramData\TEMP:ECF3C50F not found.
    File\Folder C:\Users\herve\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur

    User: All Users

    User: Default
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: herve
    ->Temp folder emptied: 108050 bytes
    ->Temporary Internet Files folder emptied: 129704 bytes
    ->Google Chrome cache emptied: 281597695 bytes
    ->Flash cache emptied: 58090 bytes

    User: HomeGroupUser$

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57964 bytes

    User: LoïsPark
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 129603 bytes

    User: Public

    User: UpdatusUser
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2176 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42345939 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 745 bytes
    RecycleBin emptied: 992541830 bytes

    Total Files Cleaned = 1 256,00 mb

    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: herve
    ->Flash cache emptied: 0 bytes

    User: HomeGroupUser$

    User: Invité
    ->Flash cache emptied: 0 bytes

    User: LoïsPark
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer – Version 3.2.69.0 log created on 09082014_133858

    FilesFolders moved on Reboot…
    C:\Users\herve\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\herve\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…

  • Tiggy83
    Participant
    Post count: 18

    https://antimalware.top/www/?a=d&i=tNEpn8B9WB

  • Anonymous
    Post count: 0

    OK,

    I need a new ZHPDiag report (new full scan), please

  • Tiggy83
    Participant
    Post count: 18

    Since your last message I no longer have any unwanted windows opening :happy:

    https://antimalware.top/www/?a=d&i=cQ31En2Owq

  • Anonymous
    Post count: 0

    Yep, it came from the Gom Player software

    • Select and copy the following script:

      Script ZHPFix
      HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
      HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32 =>PUP.BrowserSafeguard
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS =>PUP.BrowserSafeguard
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnhanceTronic_RASAPI32 =>PUP.EnhanceTronic
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnhanceTronic_RASMANCS =>PUP.EnhanceTronic
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateEnhanceTronic_RASAPI32 =>PUP.EnhanceTronic
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateEnhanceTronic_RASMANCS =>PUP.EnhanceTronic
      O4 - HKCU..Run: [Google Update] C:\Users\herve\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
    • Run ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click Import
      2. The lines you copied should now be pasted into the box
      3. If so, click "GO"

    • Confirm the data cleanup by clicking "Yes"
    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created there.
    • Upload the ZHPFixReport file to SosUpload, then copy/paste the link you get in your next reply.

    • To remove the disinfection tools that were used:
    • Download Delfix to your Desktop.
    • Run Delfix (run as administrator on Windows 7/8 and Vista)
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge System Restore

  • Tiggy83
    Participant
    Post count: 18

    https://antimalware.top/www/?a=d&i=BJ5q3t7O3k

    I've got my smile back ;-))

  • Anonymous
    Post count: 0

    I've got my smile back ;-))

    Then don't lose it :)

    Have a good week ;) :hello:

  • Tiggy83
    Participant
    Post count: 18

    :merci2: :merci2: :merci2: :merci2: :merci2:

    Really nice of you :bravo1: :bravo1:

  • Anonymous
    Post count: 0

    ;)

    :hello:

The topic 'Fenêtres publicitaires incessantes' (Incessant pop-up advertisements) is closed to new replies.