Infested laptop 2015-04-15T15:57:09+00:00
  • Author
    Posts
  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8282

    Hi

    • Disable your antivirus while downloading and using the tool, ideally until the next restart.
    • Download AdsFix to your desktop.
      Note: Save your work before continuing!
    • Run AdsFix (right-click, "Run as administrator" on Vista/7/8/8.1).
    • On a fairly infected PC, it may take several seconds to load.
    • Enter your country.
    • Click "Nettoyer" (Clean), after unlocking it in the options.

      Note: Wait while the scan runs.
    • Let the tool work even if it seems to be frozen.
    • If the tool detects a proxy you do not recognize, click "Supprimer le proxy" (Remove the proxy).
    • Upload the report C:\AdsFix_date_heure.txt to SOSUpload, then post the link you get.

    Help:

  • Mourad & Morgane
    Post count: 0

    Hello, and thank you in advance for your help.

    I have an infested laptop: ads that the ad blocker does not block, redirects and untimely switches to sleep mode... I followed the first steps requested (not necessarily exactly as required :s). Here are the reports, in order:

    – AdwCleaner: [spoiler:3gemwtff]# AdwCleaner v4.201 – Rapport créé le 15/04/2015 à 13:20:31
    # Mis à jour le 08/04/2015 par Xplode
    # Base de données : 2015-04-08.1 [Serveur]
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
    # Nom d'utilisateur : Bastien – BASTIEN-PC
    # Exécuté depuis : C:UsersBastienDownloadsAdwCleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    [#] Service Supprimé : torchcrashhandler
    [#] Service Supprimé : Service Mgr ExpressFind
    [#] Service Supprimé : Update Mgr ExpressFind

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataapn
    Dossier Supprimé : C:ProgramDatatorchcrashhandler
    Dossier Supprimé : C:Program Files (x86)Express Find
    Dossier Supprimé : C:UsersBastienAppDataLocaltorch
    Dossier Supprimé : C:UsersBastienAppDataRoamingRHEng
    Dossier Supprimé : C:UsersBastienAppDataRoamingMicrosoftWindowsStart MenuProgramstorch
    Fichier Supprimé : C:UsersPublicDesktopeBay.lnk
    Fichier Supprimé : C:UsersBastienAppDataRoamingMicrosoftInternet ExplorerQuick LaunchTorch.lnk
    Fichier Supprimé : C:UsersBastienAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarTorch.lnk
    Fichier Supprimé : C:UsersBastienAppDataRoamingMicrosoftWindowsStart MenuProgramsTorch.lnk
    Fichier Supprimé : C:UsersBastienDesktopFree Games.lnk
    Fichier Supprimé : C:UsersBastienDesktopTorch.lnk

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKCUSoftwareGoogleChromeExtensionsfcfenmboojpjinhpgggodefccipikbpd
    Clé Supprimée : HKLMSOFTWAREClassesApplicationsTorch.exe
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho
    Clé Supprimée : HKLMSOFTWAREClassesprotector_dll.protectorbho.1
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp Pathstorch.exe
    Clé Supprimée : HKLMSOFTWAREMozillaPluginsTorchVLC
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerExtensions{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{CF623224-D905-40D8-B3E5-6EB93E6F6FF5}
    Clé Supprimée : HKCUSoftwareBitberry
    Clé Supprimée : HKCUSoftwaretorch
    Clé Supprimée : HKLMSOFTWAREtorch
    Clé Supprimée : HKLMSOFTWAREExpressFind
    Clé Supprimée : HKU.DEFAULTSoftwareAskPartnerNetwork
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstalltorch
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{EE171732-BEB4-4576-887D-CB62727F01CA}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{cfd32d46-7d3f-483f-bace-7172aec5592d}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallExpress Find

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17689

    -\ Google Chrome v41.0.2272.118

    [C:UsersBastienAppDataLocalGoogleChromeUser DataDefaultSecure Preferences] – Supprimée [Extension] : fcfenmboojpjinhpgggodefccipikbpd

    *************************

    AdwCleaner[R0].txt – [4417 octets] – [15/04/2015 13:19:28]
    AdwCleaner[S0].txt – [4228 octets] – [15/04/2015 13:20:31]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [4288 octets] ##########[/spoiler:3gemwtff]

    – Malwarebytes, first run: I can't find the report, but it found two PUPs, which I quarantined and then deleted.

    – ZHPDiag: [spoiler:3gemwtff]~ Rapport de ZHPDiag v2015.4.13.38 – Nicolas Coolman (13/04/2015)
    ~ Lancé par Bastien (15/04/2015 14:08:12)
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17691
    GCIE: Google Chrome v41.0.2272.118 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 7QJB7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 2
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

    —\ Logiciels de protection du système
    Avast Free Antivirus v10.2.2215
    Malwarebytes Anti-Malware version 2.1.4.1018
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 17 NPAPI
    Adobe Reader X

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3947 MB (60% free)
    System Restore: Activé (Enable)
    System drive C: has 322 GB (71%) free of 448 GB

    —\ Mode de connexion au système
    ~ Computer Name: BASTIEN-PC
    ~ User Name: Bastien
    ~ All Users Names: UpdatusUser, HomeGroupUser$, Bastien, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersBastienAppDataRoamingZHP
    ~ %AppData% : C:UsersBastienAppDataRoaming
    ~ %Desktop% : C:UsersBastienDesktop
    ~ %Favorites% : C:UsersBastienFavorites
    ~ %LocalAppData% : C:UsersBastienAppDataLocal
    ~ %StartMenu% : C:UsersBastienAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 322 Go of 448 Go)
    E: CD-ROM drive (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/5
    ~ Mes Favoris (My Favorites) : 1/19
    ~ Mes Documents (My Documents) : 1/5
    ~ Mon Bureau (My Desktop) : 0/34
    ~ Menu demarrer (Programs) : 1/29
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    ~ Processes Running: Scanned in 00mn 03s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersBastienAppDataLocalGoogleChromeUser DataDefaultPreferences

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 11 Legitimates Filtered in 00mn 03s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (21)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Acheter en ligne.lnk . (…) — C:Program Files (x86)Accessory StoreStartUrl.exe (.not file.)
    O4 – GSDesktop [Bastien]: Free Music.lnk . (…) — C:UsersBastienAppDataLocalTorchApplicationtorch.exe (.not file.)
    ~ Global Startup: 2 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
    O4 – HKLM..Run: [IntelTBRunOnce] b nologo C:Program FilesIntelTurboBoostRunTBGadgetOnce.vbs (.not file.)
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
    O4 – HKLM..Run: [Power Management] . (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer ePower ManagementePowerTray.exe
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program Files (x86)SkypePhoneSkype.exe =>.Skype Technologies S.A.
    O4 – HKCU..Run: [GUDelayStartup] . (.Glarysoft Ltd – Glary Utilities StartupManager.) — C:Program Files (x86)Glary Utilities 5StartupManager.exe
    O4 – HKLM..Wow6432NodeRun: [mcui_exe] C:Program FilesMcAfee.comAgentmcagent.exe (.not file.)
    O4 – HKLM..Wow6432NodeRun: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:Program Files (x86)EgisTec MyWinLockerSuitex86SuiteTray.exe
    O4 – HKLM..Wow6432NodeRun: [BackupManagerTray] . (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe
    O4 – HKLM..Wow6432NodeRun: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe
    O4 – HKLM..Wow6432NodeRun: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. – Dolby Profile Selector.) — C:Dolby PCEE4pcee4.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.Avast Software s.r.o. – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUS.DEFAULT..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-18..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
    O4 – HKUSS-1-5-21-2674289332-2699653734-153004527-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2674289332-2699653734-153004527-1000..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 05s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Skype Click to Call settings [64Bits] – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — c:program files (x86)skypetoolbarsinternet explorer x64icon.ico
    O9 – Extra button: Free YouTube Download [64Bits] – {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (…) — C:Program Files (x86)Common FilesDVDVideoSoftpluginsdvdvideosoft.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{1F97BBD5-7675-4691-9905-0DFA8D01717D}: DhcpNameServer = 89.2.0.1 89.2.0.2
    O17 – HKLMSystemCCSServicesTcpip..{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{1F97BBD5-7675-4691-9905-0DFA8D01717D}: DhcpNameServer = 89.2.0.1 89.2.0.2
    O17 – HKLMSystemCS1ServicesTcpip..{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS2ServicesTcpip..{1F97BBD5-7675-4691-9905-0DFA8D01717D}: DhcpNameServer = 89.2.0.1 89.2.0.2
    O17 – HKLMSystemCS2ServicesTcpip..{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 89.2.0.1 89.2.0.2
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA Compatible NVIDIA shim initializatio.) – C:Windowssystem32nvinitx.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (autocheck autochk * ) – File not found
    ~ BEX: 1 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{6C2C12DD-1483-43C7-8F71-740F3DCC640A}] (…) — c:usersBastienappdatalocaltorchapplicationtorch.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGlaryInitialize 5 [336]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1070]
    ~ Scheduled Task: 24 Legitimates Filtered in 00mn 10s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (dtsoftbus01) . (. – .) – C:WindowsSystem32DRIVERSdtsoftbus01.sys (.not file.)
    ~ Drivers: 82 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 23/03/2015 – 19:40:49 – [] —-D C:Program Files (x86)Free Codec Pack
    O43 – CFD: 15/04/2015 – 11:56:14 – [] —-D C:Program Files (x86)Common Files77790361-426c-4fa2-8cf3-5994543d685d
    O43 – CFD: 15/04/2015 – 12:56:51 – [] —-D C:ProgramData77790361-426c-4fa2-8cf3-5994543d685d
    O43 – CFD: 21/11/2010 – 09:16:41 – [0] R-H-D C:ProgramDataMicrosoftWindowsStart MenuProgramsTablet PC
    O43 – CFD: 08/12/2014 – 21:31:50 – [] -SH-D C:UsersBastienAppDataLocalEmieBrowserModeList
    ~ 1 Dossier CLSID vide (CLSID Empty Folder)
    ~ Program Folder: 184 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.CF59A63FFA1F0C792F6E6D1CD5ACE722] – 08/04/2015 – 09:49:06 —A- . (…) — C:Windowswininit.ini [682]
    ~ Files: 8 Legitimates Filtered in 00mn 19s

    —\ Clé de registre Shell MountPoints2 (MPSK) (O51)
    O51 – MPSK:{85614c67-7bb5-11e4-b942-b870f4f74046}AutoRuncommand. (…) — F:autorun.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 19 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:30/03/2015 – 20:19:41 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29168] =>.ALWIL Software
    O58 – SDL:30/03/2015 – 20:19:41 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65736] =>.ALWIL Software
    O58 – SDL:30/03/2015 – 20:19:41 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [271200] =>.ALWIL Software
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:05/04/2011 – 12:26:26 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [142632]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    ~ Drivers: 75 Legitimates Filtered in 00mn 04s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2015 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 30/03/2015 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    O64 – Services: CurCS – 15/03/2015 – C:Windowssystem32driversGUBootStartup.sys (GUBootStartup) .(.Glarysoft Ltd – The driver for the Startup Manager tool.) – LEGACY_GUBOOTSTARTUP
    O64 – Services: CurCS – 17/03/2015 – C:Windowssystem32driversmwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation – Malwarebytes Web Access Control.) – LEGACY_MBAMWEBACCESSCONTROL
    O64 – Services: CurCS – 10/06/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    O64 – Services: CurCS – 30/03/2015 – C:Program FilesAVAST SoftwareAvastngvboxVBoxAswDrv.sys (VBoxAswDrv) .(.Avast Software – VirtualBox Support Driver.) – LEGACY_VBOXASWDRV
    ~ Legacy: 140 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: <>[HKLM..ShellopenCommand] (.Not Key.)
    O68 – StartMenuInternet:
    [HKLM..ShellopenCommand] (…) — C:UsersBastienAppDataLocalTorchApplicationtorch.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {3FBEBE6F-3BE9-4D84-9E2C-9D802C27CE3D} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {BBB8E27E-0BE0-4C7C-BDC4-80AF28EC132A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {DEB07464-BDEC-40C5-930E-E64FF41D5955} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “279A5E3D51A9D724EA8718185ADF49C3” . (.eBay Worldwide.) — c:WindowsInstaller{D3E5A972-9A15-427D-AE78-8181A5FD943C}_6FEFF9B68218417F98F549.exe =>Toolbar.eBay
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKLMSoftwareWow6432Node14919ea49a8f3b4aa3cf1058d9a64cec]:s=”0″
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 14/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) – C:Program Files (x86)Common FilesEgisTecServicesEgisTicketService.exe
    SS – | Demand 04/12/2014 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
    SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
    SS – | Auto 15/02/2015 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 15/02/2015 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 15/02/2015 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) – C:Program FilesIntelTurboBoostTurboBoost.exe
    SR – | Auto 03/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 30/03/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Demand 30/03/2015 4030800 | (AvastVBoxSvc) . (.Avast Software.) – C:Program FilesAVAST SoftwareAvastngvboxAvastVBoxSVC.exe
    SR – | Auto 01/07/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
    SR – | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer ePower ManagementePowerSvc.exe
    SR – | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) – C:Program Files (x86)AcerRegistrationGREGsvc.exe
    SR – | Auto 30/04/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) – C:Program FilesAcerAcer UpdaterUpdaterService.exe
    SR – | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 17/03/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 17/03/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) – C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 31/03/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
    SR – | Auto 30/03/2011 2009704 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe
    SR – | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 22/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 12s

    —\ Scan Additionnel (O88)
    Database Version : 13008 – (13/04/2015)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    ~ Additionnel Scan: 239799 Items scanned in 00mn 40s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
    ~ AMI: 3 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 00s

    ~ 812 Legitimates filtered by white list
    End of the scan (436 lines in 02mn 36s)(0.11)[/spoiler:3gemwtff]

    and I uninstalled the three programs. I ran a cleanup with CCleaner.

    Since the ads and redirects kept happening, I carried on:

    - I uninstalled the toolbar and Bing

    - Malwarebytes a second time: it found about twenty PUP files and folders, which I quarantined (so I still have the names)

    - ZHPCleaner (the design is just perfect ;)): [spoiler:3gemwtff]~ ZHPCleaner v2015.4.15.168 by Nicolas Coolman (15/04/2015)
    ~ Run by Bastien (Administrator) (15/04/2015 17:33:01)
    ~ Forum : http://forum.nicolascoolman.fr
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Netttoyer
    ~ Report : C:UsersBastienDesktopZHPCleaner.txt
    ~ Quarantine : C:UsersBastienAppDataRoamingZHPZHPCleaner_Quarantine.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    ~ Windows 7, 64-bit Service Pack 1 (Build 7601)

    —\ Service. (0)
    ~ Aucun élément malicieux trouvé.

    —\ Navigateur internet. (0)
    ~ Aucun élément malicieux trouvé.

    —\ Fichier hôte. (1)
    ~ Le fichier hôte est légitime. (21)

    —\ Tâche planifiée. (0)
    ~ Aucun élément malicieux trouvé.

    —\ Explorateur ( Dossiers, Fichiers ). (3)
    DEPLACÉ fichier*: C:UsersBastienAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxps_expressfind-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
    DEPLACÉ fichier*: C:UsersBastienAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxps_expressfind-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
    DEPLACÉ dossier: C:UsersBastienAppDataLocal{75747C0A-7DED-40B6-A83A-96238120AB40} (Empty)

    —\ Base de Registres ( Clés, Valeurs, Données ). (0)
    ~ Aucun élément malicieux trouvé.

    —\ Bilan de la réparation
    ~ Réparation réalisée avec succès.
    ~ Ce navigateur est absent (Mozilla Firefox)
    ~ Ce navigateur est absent (Opera Software)

    —\ Statistiques
    ~ Items scannés : 63495
    ~ Items trouvés : 0
    ~ Items réparés : 3

    End of clean at 17:41:28
    ===================
    ZHPCleaner-[R]-15042015-17_41_28.txt
    ZHPCleaner--15042015-17_28_36.txt[/spoiler:3gemwtff]

    So there it is. It's a friend's computer, so I'm starting an Avast scan as I leave, and I think I'll be able to work on it again this weekend. Thanks to whoever can take on this thread, and thanks for creating and maintaining the site :D.

The topic ‘PC portable infesté’ is closed to new replies.