Slow computer 2014-04-21T22:43:48+00:00
  • pomm_94
    Participant
    Number of posts: 2

    Good evening,

    My computer must be seriously infested with viruses, given how slow it is and how many ads open by themselves.

    I ran AdwCleaner, malware and ZHP scans, and I have posted the reports.

    Can you help me??

    Thanks a lot :)

    Spoiler for 2liarr3z

    {# AdwCleaner v3.103 – Rapport créé le 21/04/2014 à 23:19:49
    # Mis à jour le 21/04/2014 par Xplode
    # Système d'exploitation : Windows 8.1 (64 bits)
    # Nom d'utilisateur : constance – POM
    # Exécuté depuis : C:\Users\constance\Downloads\adwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : BackupStack
    Service Supprimé : IePluginService
    Service Supprimé : nuttkoqiez64
    [#] Service Supprimé : pricemeterliveUpdate
    [#] Service Supprimé : pricemeterliveUpdatem
    Service Supprimé : SECUREASSIST
    Service Supprimé : Wpm

    ***** [ Fichiers / Dossiers ] *****


    ***** [ Raccourcis ] *****

    Raccourci Désinfecté : C:\Users\Public\Desktop\Google Chrome.lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    Raccourci Désinfecté : C:\Users\constance\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

    ***** [ Registre ] *****


    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16518

    Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

    -\ Google Chrome v34.0.1847.116

    [ Fichier : C:\Users\constance\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Supprimée : homepage

    *************************

    AdwCleaner[R0].txt – [12957 octets] – [21/04/2014 23:13:01]
    AdwCleaner[S0].txt – [10694 octets] – [21/04/2014 23:19:53]

    ########## EOF – C:\AdwCleaner\AdwCleaner[S0].txt – [10755 octets] ##########}[/spoiler:2liarr3z]

    Spoiler for 2liarr3z

    {Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 22/04/2014
    Heure de l'examen: 00:11:11
    Fichier journal: malwarevytes.txt
    Administrateur: Oui

    Version: 2.00.1.1004
    Base de données Malveillants: v2014.03.04.09
    Base de données Rootkits: v2014.02.20.01
    Licence: Essai
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Chameleon: Désactivé(e)

    Système d'exploitation: Windows 8.1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: constance

    Type d'examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 284401
    Temps écoulé: 33 min, 56 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Shuriken: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 4
    PUP.Optional.1ClickMovieDownload.A, HKLM\SOFTWARE\WOW6432NODE\1ClickMovie-Download V9.0, , [64e5ac538ded8ea86cf38d000df5639d],
    PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, , [b49521de057510265b03404d34ceca36],
    PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-21-4251379365-3564927970-2822429743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, , [be8bac53d7a342f43f1f385528daff01],
    PUP.Optional.1ClickMovieDownload.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickMovie-Download V9.0, , [2a1f1ee1512959dd2ea58307f2109868],

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 1
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[ff4a956a92e8fc3a4af9fb34cd37bd43]

    Dossiers: 13

    Fichiers: 108
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jsliblogging.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibonBGDocumentLoad.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibreports.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibstorageWrapper.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibupdateManager.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibutil.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibxhr.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibpopupResourcenewPopup.js, , [b19831ce21598caa0cc8f39740c2748c],
    PUP.Optional.CrossRider.A, C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionsgphjehcgndcjccmghmjmeeabfecdiilm1.26.39_0jslibpopupResourcepopup.js, , [b19831ce21598caa0cc8f39740c2748c],

    Secteurs physiques: 0
    (No malicious items detected)

    (end)}

    pomm_94
    Participant
    Number of posts: 2

    Last report, thanks.

    Spoiler for srb100rr

    {~ Rapport de ZHPDiag v2014.4.21.36 – Nicolas Coolman (21/04/2014)
    ~ Lancé par constance (22/04/2014 00:18:56)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16659
    GCIE: Google Chrome v34.0.1847.116 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8.1, 64-bit (Build 9600)
    Windows Server License Manager Script : OK
    ~ Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : KD4D6
    Windows License : OK
    ~ Windows Remaining Initializations Number : 999
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Avira Free Antivirus v14.0.3.350
    Malwarebytes Anti-Malware version 2.0.1.1004
    Windows Defender W8

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Reader X MUI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3981 MB (34% free)
    System Restore: Activé (Enable)
    System drive C: has 105 GB (56%) free of 186 GB

    —\ Mode de connexion au système
    ~ Computer Name: POM
    ~ User Name: constance
    ~ All Users Names: HomeGroupUser$, constance, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersconstanceAppDataRoamingZHP
    ~ %AppData% : C:UsersconstanceAppDataRoaming
    ~ %Desktop% : C:UsersconstanceDesktop
    ~ %Favorites% : C:UsersconstanceFavorites
    ~ %LocalAppData% : C:UsersconstanceAppDataLocal
    ~ %StartMenu% : C:UsersconstanceAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 105 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.63DC38C3E4564B2405D562855643ABA2] – (.Microsoft Corporation – Explorateur Windows.) (.14/11/2013 – 08:37:16.) — C:WindowsExplorer.exe [2328872]
    [MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:WindowsSystem32Wininit.exe [144384]
    [MD5.DF79CE9B950C62677D232154E93A81C7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.01/03/2014 – 04:10:28.) — C:WindowsSystem32wininet.dll [2334208]
    [MD5.7C94FDA3809015B8F2208D2E1C221F17] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.22/08/2013 – 10:55:08.) — C:WindowsSystem32Winlogon.exe [564736]
    [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/12/2013 – 09:54:07.) — C:WindowsSystem32sppcomapi.dll [447488]
    [MD5.239268BAB58EAE9A3FF4E08334C00451] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32DriversAFD.sys [567296]
    [MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:Windowssystem32Driversatapi.sys [26464]
    [MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:Windowssystem32DriversCdfs.sys [88576]
    [MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:Windowssystem32DriversCdrom.sys [164352]
    [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.22/08/2013 – 12:38:00.) — C:Windowssystem32DriversDfsC.sys [134656]
    [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.22/08/2013 – 12:38:38.) — C:Windowssystem32DriversHDAudBus.sys [78336]
    [MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:Windowssystem32Driversi8042prt.sys [107520]
    [MD5.B7342B3C58E91107F6E946A93D9D4EFD] – (.Microsoft Corporation – IP Network Address Translator.) (.27/11/2013 – 13:02:29.) — C:Windowssystem32DriversIpNat.sys [142848]
    [MD5.79B6F3DF7CDFD12159871FF71464F0CE] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.23/11/2013 – 08:08:19.) — C:Windowssystem32DriversMRxSmb.sys [403456]
    [MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:Windowssystem32DriversnetBT.sys [282624]
    [MD5.725EF69B2DBEB7B33280019A556201BC] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.10/03/2014 – 11:35:58.) — C:Windowssystem32Driversntfs.sys [2008408]
    [MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:Windowssystem32DriversParport.sys [94208]
    [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:Windowssystem32DriversRasl2tp.sys [120832]
    [MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 – 08:16:40.) — C:Windowssystem32Driversrdpdr.sys [195584]
    [MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32Driverstdx.sys [107520]
    [MD5.C85C075DE5B6D0FE116043054DE8EE02] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.31/01/2014 – 17:15:23.) — C:Windowssystem32Driversvolsnap.sys [311640]
    ~ Generic Processes: Scanned in 00mn 06s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/4334
    ~ Mes musiques (My Musics) : 2/30
    Mes Videos (My Videos) : 2/2 (Modified)
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 6/30
    ~ Mon Bureau (My Desktop) : 2/226
    ~ Menu demarrer (Programs) : 1/27
    ~ Hidden Files: Scanned in 00mn 21s

    —\ Processus lancés
    [MD5.41AD6110110A2E89957F831DCBFAF892] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6963512] [PID.2596]
    [MD5.C570FD825751F7805CE226F68C4605DE] – (.ASUS – ACMON.) — C:Program Files (x86)ASUSSplendidACMON.exe [54488] [PID.1392]
    [MD5.97432AB9F1B3B3E63E778C1E69E71E91] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe [1124032] [PID.2884]
    [MD5.C81E206D2DDBD18396506C2978F2C6BA] – (…) — C:Program Files (x86)ASUSSplendidColorUService.exe [171224] [PID.2932]
    [MD5.25A7E7174C622D3B8D0D2681EE87E4FA] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:Program Files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe [20792] [PID.3564]
    [MD5.2F03C763EE0DFB4DE56176737DEFB2E2] – (.Microsoft Corporation – Touch Keyboard and Handwriting Panel Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe [21184] [PID.3204]
    [MD5.DB0C938BC311B31CF90C13821AE682B3] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe [1559936] [PID.3232]
    [MD5.2EBBBFC120593C683796092F2DDA0EFC] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [841032] [PID.2196]
    [MD5.B9562F200149C64CC53D47F969CEA6C3] – (.Microsoft Corporation – Hôte Microsoft WWA.) — C:WINDOWSsyswow64wwahost.exe [518656] [PID.1316]
    [MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] – (.ASUSTek Computer Inc. – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [205184] [PID.5292]
    [MD5.2D32F0EF950AED6AD007D042676FD39E] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [328064] [PID.5396]
    [MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] – (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe [59720] [PID.4592]
    [MD5.799BCC829F48F19C5689478179060435] – (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe [59720] [PID.5308]
    [MD5.343E19B2F141B65FA1723385C664F861] – (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifyspotify.exe [6087224] [PID.5972]
    [MD5.F6041A72058ADD22166C31B5FD5E919C] – (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe [1171000] [PID.3260]
    [MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe [228552] [PID.5728]
    [MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [932288] [PID.6176]
    [MD5.47833576F0BEE0AD7B45109982B769BD] – (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleInternet ServicesAPSDaemon.exe [59720] [PID.6896]
    [MD5.2362B857693DA580E04ECE28F7D67E7E] – (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPaprp.exe [3187360] [PID.6356]
    [MD5.241B07FF7F5943B9C1BF3235F49AC1E1] – (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe [689744] [PID.3252]
    [MD5.BAF535F843A3E790E04A7613811B55BC] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.7124]
    [MD5.6368A4CF33B29665A504ABC2EA4D8385] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7938048] [PID.6912]
    [MD5.5777523CDDD178ECFE1BBDB7A3F2D6CF] – (…) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyHelper.exe [602680] [PID.6776]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultPreferences
    G0 – GCSP: Preference [User DataDefault][HomePage] http://start.mysearchdial.com =>Adware.MyWebSearch
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [gphjehcgndcjccmghmjmeeabfecdiilm] 1ClickMovie-Download V9.0 v.1.26.39, (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 19 Legitimates Filtered in 00mn 21s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Public]: Waves MAXXAudio.lnk . (…) — C:Program Files (x86)RealtekAudioHDAMaxxAudioControl64.exe (.not file.)
    O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
    O4 – GSQuickLaunch [constance]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [constance]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [constance]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [constance]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSProgram [constance]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Global Startup: 48 Legitimates Filtered in 00mn 05s

    —\ Applications lancées au démarrage du système (O4)
    O4 – GSStartup [constance]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:Program Files (x86)Microsoft OfficeOffice14ONENOTEM.exe =>.Microsoft Corporation
    O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKCU..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKCU..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKCU..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersconstanceAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKCU..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifySpotify.exe
    O4 – HKCU..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
    O4 – HKCU..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKCU..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    O4 – HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPAPRP.exe
    O4 – HKLM..Wow6432NodeRun: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:Program Files (x86)ASUSWebStorage Sync Agent1.1.10.123AsusWSPanel.exe
    O4 – HKLM..Wow6432NodeRun: [mcui_exe] C:Program FilesMcAfee.comAgentmcagent.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [avgnt] . (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [ApplePhotoStreams] . (.Apple Inc. – Apple Photostreams Uploader Executable.) — C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Facebook Update] . (.Facebook Inc. – Programme d'installation de Facebook.) — C:UsersconstanceAppDataLocalFacebookUpdateFacebookUpdate.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UsersconstanceAppDataRoamingSpotifySpotify.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersconstanceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [iTunesHelper] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
    O4 – HKUSS-1-5-21-4251379365-3564927970-2822429743-1001..Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation – Pense-bête.) — C:WindowsSystem32StikyNot.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:Program Files (x86)MICROS~2Office14ONBttnIE.dll (.not file.)
    O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:Program Files (x86)MICROS~2Office14ONBTTN~1.dll (.not file.)
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCCSServicesTcpip..{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCCSServicesTcpip..{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
    O17 – HKLMSystemCS1ServicesTcpip..{3ED5859F-5403-40FA-B189-FFCC84E842A0}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{3F44732C-3A51-4DB7-9E50-CD0DA7035FC1}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{DC146ECC-0B7E-41FA-B8D2-17281C324C06}: DhcpNameServer = 172.20.10.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1] (…) — C:Program Files (x86)1ClickMovie-Download V9.01ClickMovie-Download V9.0-codedownloader.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5] (…) — C:Program Files (x86)1ClickMovie-Download V9.07f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.exe (.not file.) [0]
    [MD5.C81E206D2DDBD18396506C2978F2C6BA] [APT] [ASUS Splendid ColorU] (…) — C:Program Files (x86)ASUSSplendidColorUService.exe [171224]
    O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job [1444] =>PUP.CrossRider
    O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job [1388] =>PUP.CrossRider
    O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job [3162] =>PUP.CrossRider
    O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job [2292] =>PUP.CrossRider
    O39 – APT: 7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5 – (…) — C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job [1496] =>PUP.CrossRider
    ~ Scheduled Task: 34 Legitimates Filtered in 00mn 23s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Price Meter (remove only) – (.Price Meter.) [HKCU][64Bits] — Price Meter =>PUP.PriceMeter
    O42 – Logiciel: SupraSavings – (.SupraSavings.) [HKLM][64Bits] — {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
    ~ Logic: 27 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwarePriceMeter] =>PUP.PriceMeter
    ~ Key Software: 177 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 15/01/2014 – 21:00:19 – [] —-D C:Program Files (x86)PC Cleaner =>USP.PCCleaner
    O43 – CFD: 09/04/2014 – 22:31:00 – [] —-D C:UsersconstanceAppDataRoamingMicrosoftWindowsStart MenuPrograms1clickmoviedownloader.com =>PUP.SoftwareEngine
    ~ Program Folder: 116 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.0DE593914F0268FB2B4DE7B9C7B33057] – 09/04/2014 – 21:38:58 —A- . (.SecureAssist – WFP driver.) — C:WindowsSystem32DriversSAWFP64.sys [41768] =>PUP.SupraSavings
    ~ Files: 21 Legitimates Filtered in 02mn 09s

    —\ Derniers fichiers malwares créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.28F803FEE76BE09943D57D45DC4335D6] – 19/04/2014 – 09:48:49 —A- – C:WindowsPrefetchMYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
    O45 – LFCP:[MD5.B56528312CA1ACFCC0496CEE2B292A81] – 21/04/2014 – 14:19:07 —A- – C:WindowsPrefetchPRICEMETER.EXE-E642B963.pf =>PUP.PriceMeter
    O45 – LFCP:[MD5.9AAAD0A827E0D43BCE970FEF441EC27A] – 21/04/2014 – 22:01:43 —A- – C:WindowsPrefetchPRICEMETERLIVEUPDATE.EXE-78B4F584.pf =>PUP.PriceMeter
    O45 – LFCP:[MD5.15DE84CAB22DED3F013C6EAD20A9E693] – 12/04/2014 – 22:45:08 —A- – C:WindowsPrefetchPRICEMETERLIVEUPDATEHANDLER.E-4B6DF71D.pf =>PUP.PriceMeter
    O45 – LFCP:[MD5.6CC6FB4883D7EF6BF6BB1B761756EAC6] – 11/04/2014 – 00:37:34 —A- – C:WindowsPrefetchPRICEMETERW.EXE-C650C11E.pf =>PUP.PriceMeter
    O45 – LFCP:[MD5.DA843415EC06A00EA1F93FBAB8104693] – 12/04/2014 – 10:49:28 —A- – C:WindowsPrefetchSUPTAB.EXE-948D75A7.pf =>PUP.SupTab
    ~ Prefetcher: 6 Legitimates Filtered in 00mn 03s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:WindowsSystem32Driversbcmfn2.sys [17624]
    O58 – SDL:02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    O58 – SDL:18/03/2014 – 14:12:04 —A- . (.SecureAssist – WFP driver.) — C:WindowsSystem32DriversSAWFP64.sys [41768] =>PUP.SupraSavings
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
    O58 – SDL:13/12/2012 – 14:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    ~ Drivers: 17 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 19/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadstableau budget trésorerie .xlsx [10457]
    O61 – LFC: 21/04/2014 – 00:24:02 —A- . (…) — C:UsersconstanceAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [306100]
    O61 – LFC: 21/04/2014 – 00:24:09 —A- . (…) — C:UsersconstanceAppDataLocalGoogleChromeUser DataLocal State [69079]
    O61 – LFC: 21/04/2014 – 00:28:09 —A- . (…) — C:UsersconstanceAppDataRoamingsp_data.sys [62]
    O61 – LFC: 21/04/2014 – 00:28:12 —A- . (…) — C:UsersconstanceDownloads1339148784-50708.pdf [1197975]
    O61 – LFC: 21/04/2014 – 00:28:13 —A- . (…) — C:UsersconstanceDownloadsadwcleaner.exe [1324843]
    O61 – LFC: 21/04/2014 – 00:28:14 —A- . (…) — C:UsersconstanceDownloadsAIDE_MEMOIRE_EXCEL_2007_s1A_5.pdf [860630]
    O61 – LFC: 21/04/2014 – 00:28:16 —A- . (…) — C:UsersconstanceDownloadsLe cartel_des_palaces_parisiens (1).pdf [211822]
    O61 – LFC: 21/04/2014 – 00:28:16 —A- . (…) — C:UsersconstanceDownloadsLe cartel_des_palaces_parisiens.pdf [211822]
    O61 – LFC: 21/04/2014 – 00:28:17 —A- . (…) — C:UsersconstanceDownloadslivreblanc4.pdf [2857577]
    O61 – LFC: 21/04/2014 – 00:28:17 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (1).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:17 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (10).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (11).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (12).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (13).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (14).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (15).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (16).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (17).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (18).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (19).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (2).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (20).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (21).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (3).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (4).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (5).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (6).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (7).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (8).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04 (9).doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:18 —A- . (.Guillaume.) — C:UsersconstanceDownloadsMarketing_résumé_2e_03-04.doc [78336]
    O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 1 – PRESENTATION DE LA NOTION DE CONTRAT.docx [28715]
    O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 2 – LA FORMATION DU CONTRAT (1).docx [28759]
    O61 – LFC: 21/04/2014 – 00:28:24 —A- . (…) — C:UsersconstanceDownloadsTheme 4 Chapitre 2 – LA FORMATION DU CONTRAT.docx [166624]
    O61 – LFC: 21/04/2014 – 00:28:26 —A- . (…) — C:UsersconstanceLinksPhotos iCloud.lnk [160]
    ~ Files: 74 Legitimates Filtered in 04mn 37s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.72110F1F18C34AD782CE40ACD2644548] [SPRF][21/04/2014] (…) — C:UsersconstanceAppDataRoamingsp_data.sys [62]
    ~ Files: 2 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “8B501B6E56F182443979D1DFA8309BD4” . (.SupraSavings.) — c:WINDOWSInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
    O90 – PUC: “BD04C21DD7DC68D42958E5F22E63394E” . (.SupraSavings.) — c:WINDOWSInstaller{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}icon64.ico =>PUP.SupraSavings
    ~ Update Products: 2 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.9D0767859EE938C0C4FAC30693109843] [WIS][09/04/2014] (.SupraSavings – SupraSavings.) — C:WindowsInstaller3e66a6f0.msi [3162112] =>PUP.SupraSavings
    [MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][09/04/2014] (.SupraSavings – SupraSavings.) — C:WindowsInstaller3e66a6f5.msi [4997120] =>PUP.SupraSavings
    ~ WIS: 2 Legitimates Filtered in 00mn 08s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracingBackupStack_RASAPI32 =>PUP.MyPCBackup
    HKLMSOFTWAREMicrosoftTracingBackupStack_RASMANCS =>PUP.MyPCBackup
    ~ BTK: 24 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Disabled 14/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavwebg7.exe
    SS – | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 04/01/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/01/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
    SR – | Auto 14/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
    SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 01/10/2012 30080 | (DptfParticipantProcessorService) . (.Intel Corporation.) – C:WindowsSystem32DptfParticipantProcessorService.exe
    SR – | Auto 01/10/2012 31616 | (DptfPolicyConfigTDPService) . (.Intel Corporation.) – C:WindowsSystem32DptfPolicyConfigTDPService.exe
    SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 20/12/2012 45488 | (WakeupService) . (.ASUSTek Computer Inc..) – C:Program FilesASUSASUS VivoBookASUSWakeupService.exe
    SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
    SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    ~ Services: Scanned in 00mn 25s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by constance at 22/04/2014 00:32:51
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by constance at 22/04/2014 00:32:53
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13044 – (21/04/2014)
    Clés trouvées (Keys found) : 3
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 8

    [HKLMSoftwareGoogleChromeExtensionspelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallPrice Meter] =>PUP.PriceMeter^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
    C:UsersconstanceAppDataLocalGoogleChromeUser DataDefaultExtensionspelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
    C:Program Files (x86)PC Cleaner =>USP.PCCleaner^
    C:UsersconstanceAppDataRoamingMicrosoftWindowsStart MenuPrograms1clickmoviedownloader.com =>PUP.SoftwareEngine^
    C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-1.job =>PUP.CrossRider^
    C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.job =>PUP.CrossRider^
    C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-3.job =>PUP.CrossRider^
    C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-4.job =>PUP.CrossRider^
    C:WindowsTasks7f1686b7-ae3f-42c2-8914-974b05eaaa0c-5.job =>PUP.CrossRider^
    [HKCUSoftwarePriceMeter] =>PUP.PriceMeter^
    C:WindowsInstaller3e66a6f0.msi =>PUP.SupraSavings^
    C:WindowsInstaller3e66a6f5.msi =>PUP.SupraSavings^
    ~ Additionnel Scan: 252458 Items scanned in 00mn 57s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
    http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    http://nicolascoolman.webs.com/apps/blog/show/41981105-pup-pricemeter =>PUP.PriceMeter
    http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
    http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
    http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
    http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
    http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
    ~ MSI: 9 link(s) detected in 00mn 00s

    ~ 876 Legitimates filtered by white list
    End of the scan (514 lines in 14mn 57s)(0)}[/spoiler:srb100rr]

    kink06
    Number of posts: 0

    Good evening, ;)

    You haven't removed what Malwarebytes found!

    At the end of the scan, click "Quarantine All" at the bottom left.
    Restart the computer if needed.
    After restarting, launch Malwarebytes again.
    Get the report from the History tab.
    On the left, Scan logs.
    Double-click the scan in the list.

    2)

    • Download Junkware Removal Tool (by thisisu) to your desktop.
    • Run Junkware Removal Tool; on Windows 7/8 and Vista, run it as administrator.
    • Press any key.

    • Once the scan has finished, go to the desktop; the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum.

    3)

    • Disable your antivirus
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Run Shortcut_Module,
    • Click Clean

      Note: Wait while the scan runs

    • Let the tool work even if it seems to be stuck
    • If the tool detects a proxy you don't recognize, click: "Remove the proxy"
    • Upload the report C:\Shortcut_Module_date_heure.txt to https://antimalware.top/ then give the link you get

    then:

    New ZHPDiag scan
    Run another scan with ZHPDiag, then post its report as a link. => Post the contents of this report using this file host: Sosupload
    Help: how to host a file on Sosupload

    kink06
    Number of posts: 0

