USB stick virus 2013-11-23T13:46:48+00:00
  • nadouche92-2

    Here is the report after the “search” on usbfix. What should I do?
    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: Nadia (Administrateur) # NADIA-PC
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 14:32:16 | 23/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (1025C)
    CPU: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz
    RAM -> [Total : 1012 | Free : 278]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Mozilla Firefox : 16.0.2

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 100 Go (65 Go libre(s) – 65%) [] # NTFS
    D: -> Disque fixe # 183 Go (183 Go libre(s) – 100%) [] # NTFS

    ################## | Processus Actif |

    C:windowssystem32csrss.exe (ID: 572 |ParentID: 524)
    C:windowssystem32wininit.exe (ID: 620 |ParentID: 524)
    C:windowssystem32csrss.exe (ID: 628 |ParentID: 612)
    C:windowssystem32services.exe (ID: 672 |ParentID: 620)
    C:windowssystem32lsass.exe (ID: 680 |ParentID: 620)
    C:windowssystem32lsm.exe (ID: 700 |ParentID: 620)
    C:windowssystem32winlogon.exe (ID: 732 |ParentID: 612)
    C:windowssystem32svchost.exe (ID: 836 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 928 |ParentID: 672)
    C:windowsSystem32svchost.exe (ID: 1024 |ParentID: 672)
    C:windowsSystem32svchost.exe (ID: 1064 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 1108 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 1144 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 1316 |ParentID: 672)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 672)
    C:windowssystem32WLANExt.exe (ID: 1512 |ParentID: 1064)
    C:windowssystem32conhost.exe (ID: 1520 |ParentID: 572)
    C:windowsSystem32spoolsv.exe (ID: 1668 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 1716 |ParentID: 672)
    C:Program FilesASUSInstantOn for EPCInsOnSrv.exe (ID: 1928 |ParentID: 672)
    C:windowssystem32taskhost.exe (ID: 2020 |ParentID: 672)
    C:windowssystem32Dwm.exe (ID: 580 |ParentID: 1064)
    C:windowsExplorer.EXE (ID: 612 |ParentID: 460)
    C:windowssystem32AsusService.exe (ID: 852 |ParentID: 672)
    C:Program FilesPANDORA.TVPanServiceKMPService.exe (ID: 1200 |ParentID: 672)
    C:Program FilesMicrosoft Application Virtualization Clientsftvsa.exe (ID: 2644 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 2664 |ParentID: 672)
    C:Program FilesTrend MicroTitaniumTiMiniService.exe (ID: 2720 |ParentID: 672)
    C:Program FilesASUSHotkeyServiceHotKeyMon.exe (ID: 2788 |ParentID: 852)
    C:Program FilesAsusEee DockingEee Docking.exe (ID: 2820 |ParentID: 612)
    C:Program FilesASUSHotkeyServiceHotkeyService.exe (ID: 2852 |ParentID: 852)
    C:ExpressGateUtilVAWinService.exe (ID: 3112 |ParentID: 672)
    C:Program FilesAsusLiveUpdateLiveUpdate.exe (ID: 3140 |ParentID: 852)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 3168 |ParentID: 672)
    C:Program FilesASUSSHESuperHybridEngine.exe (ID: 3216 |ParentID: 852)
    C:Program FilesMicrosoft Application Virtualization Clientsftlist.exe (ID: 3292 |ParentID: 672)
    C:ExpressGateUtilVAWinAgent.exe (ID: 3320 |ParentID: 612)
    C:Program FilesTrend MicroTitaniumTiResumeSrv.exe (ID: 3364 |ParentID: 2720)
    C:windowssystem32conhost.exe (ID: 3392 |ParentID: 572)
    C:Program FilesASUSCapsHookCapsHook.exe (ID: 3408 |ParentID: 852)
    C:windowssystem32wbemwmiprvse.exe (ID: 3508 |ParentID: 836)
    C:Program FilesASUSInstantOn for EPCInsOnWMI.exe (ID: 3592 |ParentID: 1928)
    C:WindowsSystem32igfxtray.exe (ID: 3628 |ParentID: 612)
    C:WindowsSystem32hkcmd.exe (ID: 3652 |ParentID: 612)
    C:WindowsSystem32igfxpers.exe (ID: 3684 |ParentID: 612)
    C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 3780 |ParentID: 612)
    C:windowssystem32igfxsrvc.exe (ID: 3788 |ParentID: 836)
    C:Program FilesElantechETDCtrl.exe (ID: 3828 |ParentID: 612)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 3924 |ParentID: 3168)
    C:Program FilesPANDORA.TVPanServiceKMPProcess.exe (ID: 2740 |ParentID: 1200)
    C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3028 |ParentID: 612)
    C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe (ID: 2760 |ParentID: 852)
    C:Program FilesCommon FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE (ID: 2488 |ParentID: 672)
    C:windowssystem32SearchIndexer.exe (ID: 2556 |ParentID: 672)
    C:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 4260 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 4452 |ParentID: 672)
    C:windowsservicingTrustedInstaller.exe (ID: 4524 |ParentID: 672)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 4764 |ParentID: 672)
    C:windowssystem32svchost.exe (ID: 5124 |ParentID: 672)
    C:Program FilesElantechETDCtrlHelper.exe (ID: 5300 |ParentID: 3828)
    C:windowssystem32wuauclt.exe (ID: 4100 |ParentID: 1144)
    C:Program FilesMozilla Firefoxfirefox.exe (ID: 5544 |ParentID: 612)
    C:windowssystem32SearchProtocolHost.exe (ID: 4912 |ParentID: 2556)
    C:windowssystem32SearchFilterHost.exe (ID: 4304 |ParentID: 2556)
    C:Program FilesMozilla Firefoxplugin-container.exe (ID: 3612 |ParentID: 5544)
    C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 5732 |ParentID: 3612)
    C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 1980 |ParentID: 5732)
    C:UsbFixGo.exe (ID: 5148 |ParentID: 5792)
    C:windowssystem32wbemwmiprvse.exe (ID: 4276 |ParentID: 836)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [GfxServiceInstall] – C:windowssystem32GfxCUIServiceInstall.vbs
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWARE | Run : [HotkeyMon] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotKeyMon.exe
    04 – HKLMSOFTWARE | Run : [HotkeyService] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotkeyService.exe
    04 – HKLMSOFTWARE | Run : [SuperHybridEngine] – AsusSender.exe C:Program FilesASUSSHESuperHybridEngine.exe
    04 – HKLMSOFTWARE | Run : [LiveUpdate] – AsusSender.exe C:Program FilesAsusLiveUpdateLiveUpdate.exe auto
    04 – HKLMSOFTWARE | Run : [CapsHook] – AsusSender.exe C:Program FilesASUSCapsHookCapsHook.exe
    04 – HKLMSOFTWARE | Run : [Eee Docking] – C:Program FilesASUSEee DockingEee Docking.exe autorun
    04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLMSOFTWARE | Run : [VizorHtmlDialog.exe] – “C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe” “DEF” “EULA” “C:Program FilesTrend MicroTitaniumUIInstaller.cmptresourcespreinstall_01_welcome_trial.html” “DEF” “DEF” “DEF”
    04 – HKLMSOFTWARE | Run : [Trend Micro Client Framework] – “C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe”
    04 – HKLMSOFTWARE | Run : [Trend Micro Titanium] – C:Program FilesTrend MicroTitaniumVizorShortCut.exe -ReFlush “none” “none”
    04 – HKLMSOFTWARE | Run : [VAWinAgent] – C:ExpressGateUtilVAWinAgent.exe
    04 – HKLMSOFTWARE | Run : [IgfxTray] – C:windowssystem32igfxtray.exe
    04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:windowssystem32hkcmd.exe
    04 – HKLMSOFTWARE | Run : [Persistence] – C:windowssystem32igfxpers.exe
    04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
    04 – HKLMSOFTWARE | Run : [ETDCtrl] – %ProgramFiles%ElantechETDCtrl.exe
    04 – HKLMSOFTWARE | Run : [ASUSPRP] – C:Program FilesASUSAPRPAPRP.EXE
    04 – HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [iSeriesCharge] – AsusSender.exe C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! C:UsersNadiaAppDataLocalTemputtBB75.tmp.exe
    Présent! C:UsersNadiaAppDataLocalTempjvNKRBkG.vbs

    ################## | Référence de comparaison MD5 |

    Md5 : 86135C147E1EC57C5F163769827B1ADC -> C:UsersNadiaAppDataLocalTempjvNKRBkG.vbs

    ################## | Comparaison MD5 |

    Présent! Md5 : 86135C147E1EC57C5F163769827B1ADC -> C:UsersNadiaAppDataLocalTempjvNKRBkG.vbs

    ################## | Registre |

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    kink06

    Hi and :welcome: to sosvirus. ;)

    A little hello wouldn't go amiss :shocked:

    • Right-click on UsbFix and choose Run as administrator on Windows 7/8 and Vista
    • Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
    • Choose the Suppression (deletion) option

      Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

    • Copy and paste the content of the report that appears at the end of the scan into your reply
    nadouche92-2

    HERE IS THE REPORT AFTER DELETION
    ############################## | UsbFix V 7.152 | [Suppression]

    Utilisateur: Nadia (Administrateur) # NADIA-PC
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 14:47:34 | 23/11/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (1025C)
    CPU: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz
    RAM -> [Total : 1012 | Free : 174]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Starter (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Mozilla Firefox : 16.0.2

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 100 Go (65 Go libre(s) – 65%) [] # NTFS
    D: -> Disque fixe # 183 Go (183 Go libre(s) – 100%) [] # NTFS

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1492 |ParentID: 672)
    Stoppé! C:Program FilesAVAST SoftwareAvastAvastUI.exe (ID: 3028 |ParentID: 612)
    Stoppé! C:Program FilesPANDORA.TVPanServiceKMPService.exe (ID: 5956 |ParentID: 672)
    Stoppé! C:windowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 4388 |ParentID: 672)
    Stoppé! C:Program FilesPANDORA.TVPanServiceKMPProcess.exe (ID: 5880 |ParentID: 5956)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID: 2164 |ParentID: 672)
    Stoppé! C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID: 1696 |ParentID: 2164)
    Stoppé! C:windowssystem32SearchIndexer.exe (ID: 5104 |ParentID: 672)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3068 |ParentID: 672)
    Stoppé! C:windowsSystem32spoolsv.exe (ID: 3608 |ParentID: 672)
    Stoppé! C:windowsExplorer.exe (ID: 3408 |ParentID: 5148)
    Stoppé! C:windowssystem32DllHost.exe (ID: 3532 |ParentID: 836)
    Stoppé! C:Program FilesMozilla Firefoxfirefox.exe (ID: 4116 |ParentID: 3408)
    Stoppé! C:Program FilesMozilla Firefoxplugin-container.exe (ID: 2804 |ParentID: 4116)
    Stoppé! C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 3632 |ParentID: 2804)
    Stoppé! C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_117.exe (ID: 3272 |ParentID: 3632)

    ################## | Regedit Run |

    04 – HKLMSOFTWARE | Run : [GfxServiceInstall] – C:windowssystem32GfxCUIServiceInstall.vbs
    04 – HKLMSOFTWARE | Run : [Adobe Reader Speed Launcher] – “C:Program FilesAdobeReader 9.0ReaderReader_sl.exe”
    04 – HKLMSOFTWARE | Run : [HotkeyMon] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotKeyMon.exe
    04 – HKLMSOFTWARE | Run : [HotkeyService] – AsusSender.exe C:Program FilesASUSHotkeyServiceHotkeyService.exe
    04 – HKLMSOFTWARE | Run : [SuperHybridEngine] – AsusSender.exe C:Program FilesASUSSHESuperHybridEngine.exe
    04 – HKLMSOFTWARE | Run : [LiveUpdate] – AsusSender.exe C:Program FilesAsusLiveUpdateLiveUpdate.exe auto
    04 – HKLMSOFTWARE | Run : [CapsHook] – AsusSender.exe C:Program FilesASUSCapsHookCapsHook.exe
    04 – HKLMSOFTWARE | Run : [Eee Docking] – C:Program FilesASUSEee DockingEee Docking.exe autorun
    04 – HKLMSOFTWARE | Run : [ASUSWebStorage] – C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLMSOFTWARE | Run : [VizorHtmlDialog.exe] – “C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe” “DEF” “EULA” “C:Program FilesTrend MicroTitaniumUIInstaller.cmptresourcespreinstall_01_welcome_trial.html” “DEF” “DEF” “DEF”
    04 – HKLMSOFTWARE | Run : [Trend Micro Client Framework] – “C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe”
    04 – HKLMSOFTWARE | Run : [Trend Micro Titanium] – C:Program FilesTrend MicroTitaniumVizorShortCut.exe -ReFlush “none” “none”
    04 – HKLMSOFTWARE | Run : [VAWinAgent] – C:ExpressGateUtilVAWinAgent.exe
    04 – HKLMSOFTWARE | Run : [IgfxTray] – C:windowssystem32igfxtray.exe
    04 – HKLMSOFTWARE | Run : [HotKeysCmds] – C:windowssystem32hkcmd.exe
    04 – HKLMSOFTWARE | Run : [Persistence] – C:windowssystem32igfxpers.exe
    04 – HKLMSOFTWARE | Run : [RtHDVCpl] – C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
    04 – HKLMSOFTWARE | Run : [ETDCtrl] – %ProgramFiles%ElantechETDCtrl.exe
    04 – HKLMSOFTWARE | Run : [ASUSPRP] – C:Program FilesASUSAPRPAPRP.EXE
    04 – HKLMSOFTWARE | Run : [avast] – “C:Program FilesAVAST SoftwareAvastavastUI.exe” /nogui
    04 – HKLMSOFTWARE | Run : [iSeriesCharge] – AsusSender.exe C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
    04 – HKLMSOFTWARE | RunOnce : [] –
    04 – HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-19SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20SOFTWARE | RunOnce : [mctadmin] – C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Supprimé! C:UsersNadiaAppDataLocalTemputtBB75.tmp.exe
    Supprimé! C:UsersNadiaAppDataLocalTempjvNKRBkG.vbs

    (!) Fichiers temporaires supprimés.

    ################## | Référence de comparaison MD5 |

    Md5 : 86135C147E1EC57C5F163769827B1ADC -> C:UsersNadiaAppDataLocalTempjvNKRBkG.vbs

    ################## | Comparaison MD5 |

    ################## | Registre |

    ################## | Listing |

    [25/10/2012 – 14:35:56 | SHD ] C:$RECYCLE.BIN
    [11/10/2013 – 16:17:33 | D ] C:AsusVibeData
    [10/06/2009 – 22:42:20 | N | 24] C:autoexec.bat
    [28/06/2012 – 15:03:51 | SHD ] C:Boot
    [20/11/2010 – 13:40:08 | RASH | 383786] C:bootmgr
    [28/06/2012 – 15:05:00 | N | 49] C:CFGCHK.log
    [10/06/2009 – 22:42:20 | N | 10] C:config.sys
    [14/07/2009 – 05:53:55 | SHD ] C:Documents and Settings
    [25/10/2012 – 14:40:19 | D ] C:ExpressGateUtil
    [23/11/2013 – 14:17:39 | ASH | 795820032] C:hiberfil.sys
    [11/04/2012 – 06:05:15 | D ] C:Intel
    [31/01/2013 – 18:51:24 | RHD ] C:MSOCache
    [27/06/2012 – 21:44:14 | D ] C:OEM
    [23/11/2013 – 14:17:41 | ASH | 1073741824] C:pagefile.sys
    [14/07/2009 – 03:37:05 | D ] C:PerfLogs
    [15/10/2013 – 15:34:49 | N | 1372] C:preference.xml
    [07/11/2013 – 20:19:15 | D ] C:Program Files
    [07/11/2013 – 19:07:44 | HD ] C:ProgramData
    [25/10/2012 – 14:26:11 | SHD ] C:Recovery
    [11/04/2012 – 06:07:13 | N | 2055] C:RHDSetup.log
    [31/08/2011 – 13:00:22 | N | 1083] C:setup.iss
    [11/04/2012 – 08:05:54 | N | 164] C:setup.log
    [17/11/2013 – 23:56:47 | SHD ] C:System Volume Information
    [23/11/2013 – 14:50:39 | D ] C:UsbFix
    [23/11/2013 – 14:50:44 | A | 6888] C:UsbFix [Clean 2] NADIA-PC.txt
    [23/11/2013 – 14:36:08 | N | 9277] C:UsbFix [Scan 1] NADIA-PC.txt
    [25/10/2012 – 14:27:57 | RD ] C:Users
    [09/08/2013 – 21:48:01 | D ] C:Windows
    [25/10/2012 – 14:31:32 | SHD ] D:$RECYCLE.BIN
    [26/10/2012 – 05:04:17 | SHD ] D:System Volume Information

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    kink06

    ok ve ;)

    next, do this =>

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag, using Run as administrator on Windows 7/8 and Vista
    • Click Configurer (Configure)
    • Click the icon showing a magnifying glass with a + (« Lancer le diagnostic », i.e. run the diagnostic)

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
    nadouche92-2

    here is the report, which I am posting here because I can't manage to host it on the other thing
    ~ Rapport de ZHPDiag v2013.11.22.46 – Nicolas Coolman (22/11/2013)
    ~ Lancé par Nadia (23/11/2013 15:13:44)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 16.0.2 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : YCJVG
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v7.0.1473.0
    Trend Micro Titanium v3.00
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1 MUI

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 54 Stepping 1, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1011 MB (11% free)
    System Restore: Activé (Enable)
    System drive C: has 65 GB (64%) free of 100 GB

    —\ Mode de connexion au système
    ~ Computer Name: NADIA-PC
    ~ User Name: Nadia
    ~ All Users Names: Nadia, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersNadiaAppDataRoamingZHP
    ~ %AppData% : C:UsersNadiaAppDataRoaming
    ~ %Desktop% : C:UsersNadiaDesktop
    ~ %Favorites% : C:UsersNadiaFavorites
    ~ %LocalAppData% : C:UsersNadiaAppDataLocal
    ~ %StartMenu% : C:UsersNadiaAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 65 Go of 100 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 183 Go of 183 Go)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 43 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 06:30:54.) — C:WindowsExplorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.5FD4335DCD343D0FEA9FA6B18ED408D9] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 08:03:50.) — C:WindowsSystem32wininet.dll [1767936]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 13:17:56.) — C:WindowsSystem32Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 13:21:26.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 01:48:58.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 09:38:12.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 09:42:34.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 10:59:30.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 09:39:46.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 14:45:29.) — C:Windowssystem32Driversntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 09:39:18.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.C37AEE5966EB5929E2051AC7409B5730] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 06:40:54.) — C:Windowssystem32Driversvolsnap.sys [246144]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/5
    ~ Mes Documents (My Documents) : 1/17
    ~ Mon Bureau (My Desktop) : 2/1902
    ~ Menu demarrer (Programs) : 1/35
    ~ Hidden Files: Scanned in 00mn 06s

    —\ Processus lancés
    [MD5.FB05FF189FC5F57DE636315B1F5E56DB] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [44808] [PID.1492]
    [MD5.83292F9FC76395BD298982C14AC82B97] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [4297136] [PID.3028]
    [MD5.E60E9D5F229CB8DA347D48ADD6E8DC47] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [917984] [PID.2828]
    [MD5.B204707E5F48E90427DA6874E72345F9] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program FilesMozilla Firefoxplugin-container.exe [16864] [PID.476]
    [MD5.EB68851F020D35293EADAADEB18B8220] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.2964]
    [MD5.06BC146E6C2E881A7235A142BA877B82] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8262144] [PID.4016]
    [MD5.CF87A1DE791347E75B98885214CED2B8] – (.Microsoft Corporation – Service de la plateforme de protection logi.) — C:windowssystem32sppsvc.exe [3179520] [PID.1520]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultprefs.js
    C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultuser.js
    M3 – MFPP: Plugins – [Nadia] — C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultsearchpluginsiminent.xml =>Adware.IMBooster
    M3 – MFPP: Plugins – [Nadia] — C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultsearchpluginsMysearchdial.xml =>Adware.MyWebSearch
    M2 – MFEP: prefs.js [Nadia – 6j584475.default{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial NewTab v (..) =>Adware.MyWebSearch
    ~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
    ~ IE Browser: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: avast! WebRep – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – avast! WebRep Plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Nadia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (2).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (3).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (4).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (5).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: KMPlayer.exe.lnk . (.KMP Media co.,Ltd – The KMPlayer.) — C:Program FilesThe KMPlayerKMPlayer.exe
    O4 – GSTaskBar [Nadia]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Nadia]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSystemTools [Nadia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSendTo [Nadia]: Bluetooth File Transfer.LNK . (.Microsoft Corporation – Pas de description.) — C:WindowsSystem32fsquirt.exe
    O4 – GSSendTo [Nadia]: WiSharing Device.lnk . (.AzureWave – Wi-Fi FTP Add Device.) — C:Program FilesWiSharingWiFTPAddDev.exe
    O4 – GSDesktop [Nadia]: KMPlayer.lnk . (.KMP Media co.,Ltd – The KMPlayer.) — C:Program FilesThe KMPlayerKMPlayer.exe
    O4 – GSDesktop [Nadia]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe https://www.sosvirus.net
    O4 – GSDesktop [Nadia]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.facebook.com
    ~ Global Startup: 67 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:Program FilesAsusAsusVibeAsusVibeLauncher.exe
    O4 – HKLM..Run: [GfxServiceInstall] . (…) — C:windowssystem32GfxCUIServiceInstall.vbs
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [HotkeyMon] . (.ASUSTeK Computer Inc. – AsEPCMon.) — C:Program FilesASUSHotkeyServiceHotKeyMon.exe
    O4 – HKLM..Run: [HotkeyService] . (.ASUSTeK Computer Inc. – Asus Hotkey Service.) — C:Program FilesASUSHotkeyServiceHotkeyService.exe
    O4 – HKLM..Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. – Eee Super Hybrid Engine.) — C:Program FilesASUSSHESuperHybridEngine.exe
    O4 – HKLM..Run: [LiveUpdate] . (.AsusTek Computer Inc. – Asus EeePC LiveUpdate for Bios, Driver, Sof.) — C:Program FilesAsusLiveUpdateLiveUpdate.exe
    O4 – HKLM..Run: [CapsHook] . (.ASUS – CapsAndNumKeyNotify.) — C:Program FilesASUSCapsHookCapsHook.exe
    O4 – HKLM..Run: [Eee Docking] . (.ASUSTek Computer Inc. – Eee Docking Application.) — C:Program FilesASUSEee DockingEee Docking.exe
    O4 – HKLM..Run: [ASUSWebStorage] . (.ecareme – AsusWebStorage.) — C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe
    O4 – HKLM..Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. – Trend Titanium.) — C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe
    O4 – HKLM..Run: [Trend Micro Client Framework] . (.Trend Micro Inc. – Trend Micro Client Session Agent Monitor.) — C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe
    O4 – HKLM..Run: [Trend Micro Titanium] . (.Trend Micro Inc. – VizorShortCut Dynamic Link Library.) — C:Program FilesTrend MicroTitaniumVizorShortCut.exe
    O4 – HKLM..Run: [VAWinAgent] . (…) — C:ExpressGateUtilVAWinAgent.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:windowssystem32igfxpers.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [ETDCtrl] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program FilesASUSAPRPAPRP.exe
    O4 – HKLM..Run: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastUI.exe
    O4 – HKLM..Run: [iSeriesCharge] . (.AsusTek Computer Inc. – USB charge for Apple product.) — C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 01s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{6A00C17D-DB6D-49DB-A2ED-6466BE2AF514}: DhcpNameServer = 192.168.43.1
    O17 – HKLMSystemCS1ServicesTcpip..{6A00C17D-DB6D-49DB-A2ED-6466BE2AF514}: DhcpNameServer = 192.168.43.1
    O17 – HKLMSystemCS2ServicesTcpip..{6A00C17D-DB6D-49DB-A2ED-6466BE2AF514}: DhcpNameServer = 192.168.43.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.43.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Asus Launcher Service (AsusService) . (…) – C:windowssystem32AsusService.exe
    O23 – Service: VideAceWindowsService (VideAceWindowsService) . (…) – C:ExpressGateUtilVAWinService.exe
    ~ Services: 6 Legitimates Filtered in 00mn 13s

    —\ Tâches planifiées en automatique (O39)
    [MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (…) — C:ProgramDataBoxUpdChkupdchk.exe [177152] =>Adware.Boxore
    ~ Scheduled Task: 6 Legitimates Filtered in 00mn 12s

    —\ Logiciels installés (O42)
    O42 – Logiciel: KMP Service – (.KMP.) [HKLM] — 4F6D5E84-5826-4394-9F40-3A9A19165651_is1
    O42 – Logiciel: WiSharing – (.AzureWave.) [HKLM] — {21DD6041-7251-40FA-9D06-C5EB30268E0F}
    ~ Logic: 59 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBoxore] =>Adware.Boxore
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKCUSoftwaremysearchdial.com] =>Adware.MyWebSearch
    [HKLMSoftwareBoxore] =>Adware.Boxore
    [HKLMSoftwareIminent] =>Adware.IMBooster
    [HKLMSoftwareWiSharing]
    ~ Key Software: 99 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 07/11/2013 – 19:06:15 – [0] —-D C:Program FilesIminentToolbar =>Adware.IMBooster
    O43 – CFD: 11/04/2012 – 08:05:54 – [32,093] —-D C:Program FilesWiSharing
    O43 – CFD: 07/11/2013 – 23:12:24 – [0,169] —-D C:ProgramDataBoxUpdChk =>Adware.Boxore
    O43 – CFD: 11/04/2012 – 08:05:49 – [0,034] —-D C:ProgramDataWiSharing
    O43 – CFD: 06/11/2013 – 20:09:29 – [0,073] —-D C:UsersNadiaAppDataRoamingmysearchdial =>Adware.MyWebSearch
    O43 – CFD: 07/11/2013 – 20:17:06 – [0] —-D C:UsersNadiaAppDataLocalLollipop =>Adware.Lollipop
    ~ 20 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 126 Legitimates Filtered in 00mn 13s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.493C4CD1D8BDF81666AB344B78239327] – 23/11/2013 – 14:36:08 . (…) — C:UsbFix [Scan 1] NADIA-PC.txt [9277]
    O44 – LFC:[MD5.488DD6CA89797506F37A1A8868FB02DA] – 23/11/2013 – 14:50:44 —A- . (…) — C:UsbFix [Clean 2] NADIA-PC.txt [7377]
    ~ Files: 44 Legitimates Filtered in 00mn 09s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.956C7177DBDA0F02436868AD644CCF31] – 28/06/2010 – 06:24:00 —A- . (…) — C:WindowsSystem32DriversAsIO.sys [11456]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    ~ Drivers: 16 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/11/2013 – 15:16:21 —A- . (…) — C:UsersNadiaAppDataRoamingASUS WebStorageLogsAWS-notepad.txt [0]
    O61 – LFC: 23/11/2013 – 15:16:22 —A- . (…) — C:UsersNadiaAppDataRoamingZHPLog.txt [17753] =>.Nicolas Coolman
    O61 – LFC: 23/11/2013 – 15:16:22 —A- . (…) — C:UsersNadiaAppDataRoamingZHPTestsZHPDiag.txt [2814] =>.Nicolas Coolman
    O61 – LFC: 23/11/2013 – 15:16:25 —A- . (…) — C:UsersNadiaDownloadsUsbFix.exe [0]
    ~ 1 Fichiers temporaires (Temporary files)
    ~ Files: 7 Legitimates Filtered in 00mn 06s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.crossrider.bic”, “1422ed2b2d0779e5590fede522d17630”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.aflt”, “telemsd”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtBy[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.cntry”, “FR”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.cr”, “1927678773”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.dfltLng”, “”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.dfltSrch”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.dnsErr”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.excTlbr”, false); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.hdrMd5”, “BF023491DB13F0A8D764C5995F87AD67”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.hmpg”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.id”, “74E5430DE0FCB42B”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.instlDay”, “16015”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.instlRef”, “”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.lastB”, “http://start.mysearchdial.com/?f=1&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.020:7:40”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0E[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.pnu_base”, “{“newVrsn”:”81″,”lastVrsn”:”81″,”vrsnLoad”:””,”showMsg”:”false”,”s[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.sg”, “none”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.tlbrId”, “base”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D[…] =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial_i.hmpg”, true); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial_i.newTab”, false); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial_i.smplGrp”, “none”); =>Adware.MyWebSearch
    O69 – SBI: prefs.js [Nadia – 6j584475.default] user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:7:40”); =>Adware.MyWebSearch
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Mysearchdial) – http://start.mysearchdial.com =>Adware.MyWebSearch
    O69 – SBI: SearchScopes [HKCU] {46522EBD-5351-D901-9E34-224B9364C53A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{7D0AA4D4-C1FC-4034-8E04-64ECCB96E784}” | In – Public – P6 – TRUE | .(.AzureWave – WiSharing.) — C:Program FilesWiSharingWiSharing.exe
    O87 – FAEL: “{E1DA1D1C-9F4B-4C7E-980B-0054D4C1721E}” | In – Public – P17 – TRUE | .(.AzureWave – WiSharing.) — C:Program FilesWiSharingWiSharing.exe
    ~ Firewall: 153 Legitimates Filtered in 00mn 03s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 06/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 17/09/2010 196320 | (Amsp) . (.Trend Micro Inc..) – C:Program FilesTrend MicroAMSPcoreServiceShell.exe
    SS – | Auto 01/12/2011 92800 | (ASUS InstantOn) . (.ASUS.) – C:Program FilesASUSInstantOn for EPCInsOnSrv.exe
    SS – | Auto 08/08/2011 224680 | (AsusService) . (…) – C:windowssystem32AsusService.exe
    SR – | Auto 23/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SS – | Demand 16/09/2011 108544 | (DCDhcpService) . (.Atheros Communication Inc..) – C:Program FilesWiSharingDCDhcpService.exe
    SS – | Demand 24/10/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    SS – | Auto 17/09/2010 161104 | (TiMiniService) . (.Trend Micro Inc..) – C:Program FilesTrend MicroTitaniumTiMiniService.exe
    SS – | Auto 26/03/2011 91464 | (VideAceWindowsService) . (…) – C:ExpressGateUtilVAWinService.exe
    SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 29s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Nadia at 23/11/2013 15:17:34

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
    C:windowssystem32driversiaStor.sys Intel Corporation Intel Rapid Storage Technology driver
    1 ntkrnlpa!IofCallDriver[0x82285BBA] >> DeviceHarddisk0DR0[0x85F9F030]
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 58 !
    copy of MBR has been found in sector 59 !
    copy of MBR has been found in sector 60 !
    ~ MBR: 17 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Nadia at 23/11/2013 15:17:36

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (22/11/2013)
    Clés trouvées (Keys found) : 65
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 7
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftTracingBingBar_RASMANCS] =>Toolbar.Bing
    [HKCUSoftwareBoxore] =>Adware.Boxore
    [HKLMSoftwareBoxore] =>Adware.Boxore
    [HKCUSoftwarelollipop] =>Adware.Lollipop
    [HKLMSoftwareIminent] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftTracingIminent_RASAPI32] =>Adware.Bandoo
    [HKLMSoftwareMicrosoftTracingIminent_RASMANCS] =>Adware.Bandoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallSearchTheWebARP] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKCUSoftwareAppDataLowSoftwareCrossrider] =>PUP.CrossRider
    [HKLMSoftwareClassesCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
    [HKLMSoftwareClassesesrv.mysearchdialESrvc] =>Adware.MyWebSearch
    [HKLMSoftwareClassesesrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultextensions{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} =>Adware.MyWebSearch^
    C:Program FilesIminentToolbar =>Adware.IMBooster^
    C:ProgramDataBoxUpdChk =>Adware.Boxore^
    C:UsersNadiaAppDataRoamingmysearchdial =>Adware.MyWebSearch^
    C:UsersNadiaAppDataLocalLollipop =>Adware.Lollipop^
    C:Program FilesSoftware =>Adware.Boxore
    C:UsersNadiaAppDataLocalSoftware =>Adware.Boxore
    C:ProgramDataBoxUpdChkupdchk.exe =>Adware.Boxore^
    [HKCUSoftwaremysearchdial.com] =>Adware.MyWebSearch^
    ~ Additionnel Scan: 168282 Items scanned in 01mn 07s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
    ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
    ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
    ~ MSI: 10 link(s) detected in 01mn 07s

    ~ 904 Legitimates filtered by white list
    End of the scan (539 lines in 05mn 01s)(0)

    kink06
    Number of posts: 0

    You have adware; do the following, in order

    1)

    • Download Adwcleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
      1. Choose the Scan option
      2. Choose the Clean option

    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    _______________________________________________________________________________________

    2)

    • Download Junkware Removal Tool Download (by thisisu) to your desktop.
    • Launch Junkware Removal Tool Download, running it as administrator on Windows 7/8 and Vista
    • Press any key.

    • Once the scan has finished, go to the desktop; the file JRT.txt has been created.
    • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    ____________________________________________________________________________________________

    3)

    • Download MalwareBytes
    • Install it, unchecking “Enable the free trial of Malwarebytes Anti-Malware PRO”
    • Select Full scan
    • Click Scan
    • Remove all the items found!
    • Post the report on the forum

    nadouche92-2
    Number of posts: 0

    Here is the report from the first part, adw
    # AdwCleaner v3.012 – Rapport créé le 23/11/2013 à 15:30:37
    # Mis à jour le 11/11/2013 par Xplode
    # Système d’exploitation : Windows 7 Starter Service Pack 1 (32 bits)
    # Nom d’utilisateur : Nadia – NADIA-PC
    # Exécuté depuis : C:UsersNadiaDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataBoxUpdChk
    Dossier Supprimé : C:Program FilesIminentToolbar
    Dossier Supprimé : C:UsersNadiaAppDataLocallollipop
    Dossier Supprimé : C:UsersNadiaAppDataRoamingMysearchdial
    Dossier Supprimé : C:Program FilesSoftware
    Dossier Supprimé : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultExtensions{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
    Fichier Supprimé : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultExtensionsjid1-FCM5fDwCW5M3AQ@jetpack.xpi
    Fichier Supprimé : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultsearchpluginsiminent.xml
    Fichier Supprimé : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultsearchpluginsMysearchdial.xml
    Fichier Supprimé : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultuser.js
    Fichier Supprimé : C:windowsSystem32TasksBoxSoftwareUpdate

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{D402410C-485B-4C02-9BDD-75F2C7EDCAB0}
    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{D402410C-485B-4C02-9BDD-75F2C7EDCAB0}
    Clé Supprimée : HKLMSOFTWAREClassesesrv.mysearchdialESrvc
    Clé Supprimée : HKLMSOFTWAREClassesesrv.mysearchdialESrvc.1
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminent_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminent_RASMANCS
    Clé Supprimée : HKCUSoftwareBoxore
    Clé Supprimée : HKCUSoftwareInstallCore
    Clé Supprimée : HKCUSoftwarelollipop
    Clé Supprimée : HKCUSoftwaremysearchdial.com
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareCrossrider
    Clé Supprimée : HKLMSoftwareBoxore
    Clé Supprimée : HKLMSoftwareIminent
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSearchTheWebARP

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Start Page]

    -\ Mozilla Firefox v16.0.2 (fr)

    [ Fichier : C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultprefs.js ]

    Ligne Supprimée : user_pref(“extensions.crossrider.bic”, “1422ed2b2d0779e5590fede522d17630”);
    Ligne Supprimée : user_pref(“extensions.iminent.admin”, false);
    Ligne Supprimée : user_pref(“extensions.iminent.aflt”, “orgnl”);
    Ligne Supprimée : user_pref(“extensions.iminent.appId”, “{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}”);
    Ligne Supprimée : user_pref(“extensions.iminent.autoRvrt”, “false”);
    Ligne Supprimée : user_pref(“extensions.iminent.dfltLng”, “”);
    Ligne Supprimée : user_pref(“extensions.iminent.excTlbr”, false);
    Ligne Supprimée : user_pref(“extensions.iminent.ffxUnstlRst”, false);
    Ligne Supprimée : user_pref(“extensions.iminent.id”, “eab9b42b00000000000074e5430de0fc”);
    Ligne Supprimée : user_pref(“extensions.iminent.instlDay”, “16015”);
    Ligne Supprimée : user_pref(“extensions.iminent.instlRef”, “”);
    Ligne Supprimée : user_pref(“extensions.iminent.newTab”, false);
    Ligne Supprimée : user_pref(“extensions.iminent.prdct”, “iminent”);
    Ligne Supprimée : user_pref(“extensions.iminent.prtnrId”, “iminent”);
    Ligne Supprimée : user_pref(“extensions.iminent.rvrt”, “false”);
    Ligne Supprimée : user_pref(“extensions.iminent.smplGrp”, “none”);
    Ligne Supprimée : user_pref(“extensions.iminent.tlbrId”, “base”);
    Ligne Supprimée : user_pref(“extensions.iminent.tlbrSrchUrl”, “hxxp://start.iminent.com/?ref=toolbarm#q=”);
    Ligne Supprimée : user_pref(“extensions.iminent.vrsn”, “1.8.26.8”);
    Ligne Supprimée : user_pref(“extensions.iminent.vrsnTs”, “1.8.26.823:09:17”);
    Ligne Supprimée : user_pref(“extensions.iminent.vrsni”, “1.8.26.8”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.aflt”, “telemsd”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.cntry”, “FR”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.cr”, “1927678773”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.dfltLng”, “”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.dfltSrch”, true);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.dnsErr”, true);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[…]
    Ligne Supprimée : user_pref(“extensions.mysearchdial.excTlbr”, false);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.hdrMd5”, “BF023491DB13F0A8D764C5995F87AD67”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.hmpg”, true);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.hmpgUrl”, “hxxp://start.mysearchdial.com/?f=1&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I[…]
    Ligne Supprimée : user_pref(“extensions.mysearchdial.id”, “74E5430DE0FCB42B”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.instlDay”, “16015”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.instlRef”, “”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.lastB”, “hxxp://start.mysearchdial.com/?f=1&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P[…]
    Ligne Supprimée : user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.020:7:40”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.newTabUrl”, “hxxp://start.mysearchdial.com/?f=2&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P[…]
    Ligne Supprimée : user_pref(“extensions.mysearchdial.pnu_base”, “{“newVrsn”:”81″,”lastVrsn”:”81″,”vrsnLoad”:””,”showMsg”:”false”,”showSilent”:”false”,”msgTs”:0,”lstMsgTs”:”0″}”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.sg”, “none”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.tlbrId”, “base”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “hxxp://start.mysearchdial.com/?f=3&a=telemsd&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAtD0D0EtD0F0C0ByEtB0BtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z[…]
    Ligne Supprimée : user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial_i.hmpg”, true);
    Ligne Supprimée : user_pref(“extensions.mysearchdial_i.newTab”, false);
    Ligne Supprimée : user_pref(“extensions.mysearchdial_i.smplGrp”, “none”);
    Ligne Supprimée : user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:7:40”);
    Ligne Supprimée : user_pref(“iminent.LayoutId”, “1”);
    Ligne Supprimée : user_pref(“iminent.registerToolbarEvent102”, “1383775994636”);
    Ligne Supprimée : user_pref(“iminent.version”, “7.43.4.1”);
    Ligne Supprimée : user_pref(“iminent.versioning”, “{“CurrentVersion”:”7.43.4.1″,”InstallEventCTime”:1383775912817,”InstallEvent”:”True”}”);

    *************************

    AdwCleaner[R0].txt – [13827 octets] – [23/11/2013 15:29:02]
    AdwCleaner[S0].txt – [13804 octets] – [23/11/2013 15:30:37]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [13865 octets] ##########

    nadouche92-2
    Number of posts: 0

    Is it normal for the second part to be this slow?

    nadouche92-2
    Number of posts: 0

    Here is the report from the second part, JRT
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Starter x86
    Ran by Nadia on 23/11/2013 at 15:48:58,76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/11/2013 at 16:06:49,73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    nadouche92-2
    Number of posts: 0

    Here is the report from the third part
    Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.11.23.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16736
    Nadia :: NADIA-PC [administrateur]

    Protection: Désactivé

    23/11/2013 17:58:10
    mbam-log-2013-11-23 (17-58-10).txt

    Type d’examen: Examen complet (C:|D:|Q:|)
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 280897
    Temps écoulé: 1 heure(s), 26 minute(s), 51 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 2
    HKCRCLSID{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
    HKCRTypeLib{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 4
    C:UsbFixUpload_UsbFix.zip (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsbFixQuarantineCUsersNadiaAppDataLocalTemputtBB75.tmp.exe.vir (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
    C:WindowsTemp37180_updater.exe (PUP.Optional.PlusHD.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersNadiaAppDataLocalGoogleChromeUser DataDefaultLocal Storagechrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)

    kink06
    Number of posts: 0

    OK, great :super: :bravo1:

    1) Update Firefox to the latest version => https://support.mozilla.org/fr/kb/mettre-jour-firefox-derniere-version

    2) As a check, please run a new ZHPDiag log:
    see the image here =>
    http://cjoint.com/13oc/CJukFzALKYy.htm
    Then post the generated report in your next message. :) => To host the report, go to the Cjoint site ==> http://www.cjoint.com/

    To help you => http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html

    See you later ;)

    nadouche92-2
    Number of posts: 0

    ~ Rapport de ZHPDiag v2013.11.22.46 – Nicolas Coolman (22/11/2013)
    ~ Lancé par Nadia (24/11/2013 13:35:45)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 25.0.1 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : YCJVG
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v7.0.1473.0
    Trend Micro Titanium v3.00
    Windows Defender W7

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1 MUI

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 54 Stepping 1, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1011 MB (10% free)
    System Restore: Activé (Enable)
    System drive C: has 70 GB (69%) free of 100 GB

    —\ Mode de connexion au système
    ~ Computer Name: NADIA-PC
    ~ User Name: Nadia
    ~ All Users Names: Nadia, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersNadiaAppDataRoamingZHP
    ~ %AppData% : C:UsersNadiaAppDataRoaming
    ~ %Desktop% : C:UsersNadiaDesktop
    ~ %Favorites% : C:UsersNadiaFavorites
    ~ %LocalAppData% : C:UsersNadiaAppDataLocal
    ~ %StartMenu% : C:UsersNadiaAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 100 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 183 Go of 183 Go)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 06:30:54.) — C:WindowsExplorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.5FD4335DCD343D0FEA9FA6B18ED408D9] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 08:03:50.) — C:WindowsSystem32wininet.dll [1767936]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 13:17:56.) — C:WindowsSystem32Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 13:21:26.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 01:48:58.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 09:38:12.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 09:42:34.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 10:59:30.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 09:39:46.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 14:45:29.) — C:Windowssystem32Driversntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 09:39:18.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.C37AEE5966EB5929E2051AC7409B5730] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 06:40:54.) — C:Windowssystem32Driversvolsnap.sys [246144]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/5
    ~ Mes Documents (My Documents) : 1/17
    ~ Mon Bureau (My Desktop) : 2/1899
    ~ Menu demarrer (Programs) : 1/35
    ~ Hidden Files: Scanned in 00mn 07s

    —\ Processus lancés
    [MD5.292E7763BE5097CFA942A0A174231383] – (.ASUSTek Computer Inc. – Eee Docking Application.) — C:Program FilesAsusEee DockingEee Docking.exe [417456] [PID.3976]
    [MD5.6F4785A8BEFCA2BA6DE09859E5296EAB] – (…) — C:ExpressGateUtilVAWinAgent.exe [45448] [PID.3208]
    [MD5.521E1B7A750660A0C7FEF668AA6F60BD] – (.Intel Corporation – igfxTray Module.) — C:WindowsSystem32igfxtray.exe [135168] [PID.3852]
    [MD5.3F6126D5EDF79E4223580FF6ED9A4E66] – (.Intel Corporation – hkcmd Module.) — C:WindowsSystem32hkcmd.exe [168960] [PID.3544]
    [MD5.57BC4D3A4FE98D9114F7C8E5EE7F5E82] – (.Intel Corporation – persistence Module.) — C:WindowsSystem32igfxpers.exe [161280] [PID.3512]
    [MD5.373744D6ECDA3A1ADD07C0293336A0BC] – (.Intel Corporation – igfxsrvc Module.) — C:windowssystem32igfxsrvc.exe [261632] [PID.3672]
    [MD5.3977E6AB25446D645487F313E5E14E06] – (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe [11004520] [PID.3988]
    [MD5.186183EC3308BDF07B7DFE8963B4DBDE] – (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe [1813800] [PID.4112]
    [MD5.83292F9FC76395BD298982C14AC82B97] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [4297136] [PID.4208]
    [MD5.E5CFEBA7AACE574A932E22D39F05B4D8] – (.ELAN Microelectronics Corp. – ETD Control Center Helper.) — C:Program FilesElantechETDCtrlHelper.exe [1602344] [PID.4604]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:windowssystem32wuauclt.exe [53784] [PID.3700]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [275568] [PID.3452]
    [MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program FilesMozilla Firefoxplugin-container.exe [18544] [PID.4908]
    [MD5.CEED3CE0035F55A08EEEC34B5804723C] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:windowssystem32MacromedFlashFlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.1800]
    [MD5.06BC146E6C2E881A7235A142BA877B82] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8262144] [PID.7232]
    ~ Processes Running: Scanned in 00mn 03s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersNadiaAppDataRoamingMozillaFirefoxProfiles6j584475.defaultprefs.js
    ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: avast! WebRep – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – avast! WebRep Plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Nadia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (2).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (3).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (4).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer (5).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSTaskBar [Nadia]: KMPlayer.exe.lnk . (.KMP Media co.,Ltd – The KMPlayer.) — C:Program FilesThe KMPlayerKMPlayer.exe
    O4 – GSTaskBar [Nadia]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Nadia]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSystemTools [Nadia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSendTo [Nadia]: Bluetooth File Transfer.LNK . (.Microsoft Corporation – Pas de description.) — C:WindowsSystem32fsquirt.exe
    O4 – GSSendTo [Nadia]: WiSharing Device.lnk . (.AzureWave – Wi-Fi FTP Add Device.) — C:Program FilesWiSharingWiFTPAddDev.exe
    O4 – GSDesktop [Nadia]: KMPlayer.lnk . (.KMP Media co.,Ltd – The KMPlayer.) — C:Program FilesThe KMPlayerKMPlayer.exe
    ~ Global Startup: 63 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:Program FilesAsusAsusVibeAsusVibeLauncher.exe
    O4 – HKLM..Run: [GfxServiceInstall] . (…) — C:windowssystem32GfxCUIServiceInstall.vbs
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [HotkeyMon] . (.ASUSTeK Computer Inc. – AsEPCMon.) — C:Program FilesASUSHotkeyServiceHotKeyMon.exe
    O4 – HKLM..Run: [HotkeyService] . (.ASUSTeK Computer Inc. – Asus Hotkey Service.) — C:Program FilesASUSHotkeyServiceHotkeyService.exe
    O4 – HKLM..Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. – Eee Super Hybrid Engine.) — C:Program FilesASUSSHESuperHybridEngine.exe
    O4 – HKLM..Run: [LiveUpdate] . (.AsusTek Computer Inc. – Asus EeePC LiveUpdate for Bios, Driver, Sof.) — C:Program FilesAsusLiveUpdateLiveUpdate.exe
    O4 – HKLM..Run: [CapsHook] . (.ASUS – CapsAndNumKeyNotify.) — C:Program FilesASUSCapsHookCapsHook.exe
    O4 – HKLM..Run: [Eee Docking] . (.ASUSTek Computer Inc. – Eee Docking Application.) — C:Program FilesASUSEee DockingEee Docking.exe
    O4 – HKLM..Run: [ASUSWebStorage] . (.ecareme – AsusWebStorage.) — C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe
    O4 – HKLM..Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. – Trend Titanium.) — C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe
    O4 – HKLM..Run: [Trend Micro Client Framework] . (.Trend Micro Inc. – Trend Micro Client Session Agent Monitor.) — C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe
    O4 – HKLM..Run: [Trend Micro Titanium] . (.Trend Micro Inc. – VizorShortCut Dynamic Link Library.) — C:Program FilesTrend MicroTitaniumVizorShortCut.exe
    O4 – HKLM..Run: [VAWinAgent] . (…) — C:ExpressGateUtilVAWinAgent.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:windowssystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:windowssystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:windowssystem32igfxpers.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [ETDCtrl] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program FilesASUSAPRPAPRP.exe
    O4 – HKLM..Run: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastUI.exe
    O4 – HKLM..Run: [iSeriesCharge] . (.AsusTek Computer Inc. – USB charge for Apple product.) — C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{6A00C17D-DB6D-49DB-A2ED-6466BE2AF514}: DhcpNameServer = 192.168.43.1
    O17 – HKLMSystemCS1ServicesTcpip..{6A00C17D-DB6D-49DB-A2ED-6466BE2AF514}: DhcpNameServer = 192.168.43.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.43.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Asus Launcher Service (AsusService) . (…) – C:windowssystem32AsusService.exe
    O23 – Service: VideAceWindowsService (VideAceWindowsService) . (…) – C:ExpressGateUtilVAWinService.exe
    ~ Services: 6 Legitimates Filtered in 00mn 19s

    —\ Logiciels installés (O42)
    O42 – Logiciel: KMP Service – (.KMP.) [HKLM] — 4F6D5E84-5826-4394-9F40-3A9A19165651_is1
    O42 – Logiciel: WiSharing – (.AzureWave.) [HKLM] — {21DD6041-7251-40FA-9D06-C5EB30268E0F}
    ~ Logic: 58 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareWiSharing]
    ~ Key Software: 92 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 11/04/2012 – 08:05:54 – [32,093] —-D C:Program FilesWiSharing
    O43 – CFD: 11/04/2012 – 08:05:49 – [0,034] —-D C:ProgramDataWiSharing
    ~ Program Folder: 103 Legitimates Filtered in 00mn 13s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 23/11/2013 – 19:29:35 —A- . (…) — C:WindowsSystem32sho9E14.tmp [0]
    O44 – LFC:[MD5.6B48BC84D19650D1BB400FB1562E5E00] – 23/11/2013 – 20:56:46 —A- . (…) — C:DelFix.txt [2060]
    ~ Files: 47 Legitimates Filtered in 00mn 15s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.92A43E3F6C4C9541264749D61C76C378] – 23/11/2013 – 21:03:13 —A- – C:WindowsPrefetchKMPPROCESS.EXE-78DA78E1.pf
    O45 – LFCP:[MD5.CA96156AB867ACDDC8F7CA2A100D0942] – 23/11/2013 – 21:05:24 —A- – C:WindowsPrefetch_IU14D2N.TMP-B1B8F126.pf
    O45 – LFCP:[MD5.0689D9C60D48C1FFC3EE7DC562A48C27] – 24/11/2013 – 12:23:47 —A- – C:WindowsPrefetchEEESTORAGECOMMANDER.EXE-73D60B92.pf
    O45 – LFCP:[MD5.289132D4C3AB4B6D40749778493AE77D] – 24/11/2013 – 13:17:40 —A- – C:WindowsPrefetchNSBD77.TMP-04D90A12.pf
    ~ Prefetcher: 87 Legitimates Filtered in 00mn 01s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.956C7177DBDA0F02436868AD644CCF31] – 28/06/2010 – 06:24:00 —A- . (…) — C:WindowsSystem32DriversAsIO.sys [11456]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    ~ Drivers: 18 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/11/2013 – 13:38:52 —A- . (…) — C:UsersNadiaAppDataRoamingASUS WebStorageLogsAWS-notepad.txt [0]
    O61 – LFC: 24/11/2013 – 13:38:51 —A- . (…) — C:UsersNadiaAppDataLocalMozillaupdates308046B0AF4A39CBactive-update.xml [57]
    O61 – LFC: 24/11/2013 – 13:38:51 —A- . (…) — C:UsersNadiaAppDataLocalMozillaupdates308046B0AF4A39CBupdates.xml [2852]
    O61 – LFC: 24/11/2013 – 13:38:54 —A- . (…) — C:UsersNadiaAppDataRoamingZHPLog.txt [17753] =>.Nicolas Coolman
    O61 – LFC: 24/11/2013 – 13:38:54 —A- . (…) — C:UsersNadiaAppDataRoamingZHPTestsZHPDiag.txt [2814] =>.Nicolas Coolman
    ~ 2 Fichiers temporaires (Temporary files)
    ~ Files: 13 Legitimates Filtered in 00mn 10s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {46522EBD-5351-D901-9E34-224B9364C53A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{7D0AA4D4-C1FC-4034-8E04-64ECCB96E784}” | In – Public – P6 – TRUE | .(.AzureWave – WiSharing.) — C:Program FilesWiSharingWiSharing.exe
    O87 – FAEL: “{E1DA1D1C-9F4B-4C7E-980B-0054D4C1721E}” | In – Public – P17 – TRUE | .(.AzureWave – WiSharing.) — C:Program FilesWiSharingWiSharing.exe
    ~ Firewall: 153 Legitimates Filtered in 00mn 03s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 24/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 17/09/2010 196320 | (Amsp) . (.Trend Micro Inc..) – C:Program FilesTrend MicroAMSPcoreServiceShell.exe
    SR – | Auto 01/12/2011 92800 | (ASUS InstantOn) . (.ASUS.) – C:Program FilesASUSInstantOn for EPCInsOnSrv.exe
    SR – | Auto 08/08/2011 224680 | (AsusService) . (…) – C:windowssystem32AsusService.exe
    SR – | Auto 23/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SS – | Demand 16/09/2011 108544 | (DCDhcpService) . (.Atheros Communication Inc..) – C:Program FilesWiSharingDCDhcpService.exe
    SS – | Demand 24/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SR – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    SR – | Auto 17/09/2010 161104 | (TiMiniService) . (.Trend Micro Inc..) – C:Program FilesTrend MicroTitaniumTiMiniService.exe
    SR – | Auto 26/03/2011 91464 | (VideAceWindowsService) . (…) – C:ExpressGateUtilVAWinService.exe
    SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 23s

    —\ Scan Additionnel (O88)
    Database Version : 12996 – (22/11/2013)
    Clés trouvées (Keys found) : 1
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 0

    [HKLMSoftwareMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    ~ Additionnel Scan: 167352 Items scanned in 01mn 10s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 01mn 10s

    ~ 938 Legitimates filtered by white list
    End of the scan (379 lines in 05mn 33s)(0)

    kink06
    Number of posts: 0

    Hi again,

    “Only one antivirus on the PC, otherwise there is a risk of crashes” :shame: => you have 2 antivirus programs on the PC; uninstall one of the two =>

    avast! Free Antivirus v7.0.1473.0
    Trend Micro Titanium v3.00

    ______________________________________________________________________________________________________________________

    then do this =>

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      Using the mouse (holding the left button down), select and copy (right-click/Copy) the contents of the box below

      ZHPFix script =>
      ShortcutFix
      O4 - HKLM..Run: [GfxServiceInstall] . (...) -- C:windowssystem32GfxCUIServiceInstall.vbs => %Gfx CUI Service Installation
      R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
      O55 - MWPS:[HKLM...PoliciesSystem] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
      O55 - MWPS:[HKLM...PoliciesSystem] - "FilterAdministratorToken"=0 => Le compte "Administrateur" n'est pas soumis aux approbations
      [HKLMSoftwareMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
      OPT:O4 - HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
      O4 - GSTaskBar [Nadia]: KMPlayer.exe.lnk . (.KMP Media co.,Ltd - The KMPlayer.) -- C:Program FilesThe KMPlayerKMPlayer.exe
      O61 - LFC: 23/11/2013 - 13:38:52 ---A- . (...) -- C:UsersNadiaAppDataRoamingASUS WebStorageLogsAWS-notepad.txt [0]
      O61 - LFC: 24/11/2013 - 13:38:51 ---A- . (...) -- C:UsersNadiaAppDataLocalMozillaupdates308046B0AF4A39CBactive-update.xml [57]
      O61 - LFC: 24/11/2013 - 13:38:51 ---A- . (...) -- C:UsersNadiaAppDataLocalMozillaupdates308046B0AF4A39CBupdates.xml [2852]
      O4 - HKLM..Run: [iSeriesCharge] . (.AsusTek Computer Inc. - USB charge for Apple product.) -- C:Program FilesASUSUSBChargeSettingiSeriesCharge.exe
      O4 - HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
      O4 - HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
      O4 - HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
      O4 - HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:WindowsSystem32mctadmin.exe =>.Microsoft Corporatio
      O4 - GSStartup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:Program FilesAsusAsusVibeAsusVibeLauncher.exe
      O4 - HKLM..Run: [GfxServiceInstall] . (...) -- C:windowssystem32GfxCUIServiceInstall.vbs
      O4 - HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
      O4 - HKLM..Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - AsEPCMon.) -- C:Program FilesASUSHotkeyServiceHotKeyMon.exe
      O4 - HKLM..Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Hotkey Service.) -- C:Program FilesASUSHotkeyServiceHotkeyService.exe
      O4 - HKLM..Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:Program FilesASUSSHESuperHybridEngine.exe
      O4 - HKLM..Run: [LiveUpdate] . (.AsusTek Computer Inc. - Asus EeePC LiveUpdate for Bios, Driver, Sof.) -- C:Program FilesAsusLiveUpdateLiveUpdate.exe
      O4 - HKLM..Run: [CapsHook] . (.ASUS - CapsAndNumKeyNotify.) -- C:Program FilesASUSCapsHookCapsHook.exe
      O4 - HKLM..Run: [Eee Docking] . (.ASUSTek Computer Inc. - Eee Docking Application.) -- C:Program FilesASUSEee DockingEee Docking.exe
      O4 - HKLM..Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:Program FilesASUSASUS WebStorage3.0.108.222AsusWSPanel.exe
      O4 - HKLM..Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. - Trend Titanium.) -- C:Program FilesTrend MicroTitaniumUIFrameworkVizorHtmlDialog.exe
      O4 - HKLM..Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:Program FilesTrend MicroUniClientUiFrmWrkUIWatchDog.exe
      O4 - HKLM..Run: [Trend Micro Titanium] . (.Trend Micro Inc. - VizorShortCut Dynamic Link Library.) -- C:Program FilesTrend MicroTitaniumVizorShortCut.exe
      O4 - HKLM..Run: [VAWinAgent] . (...) -- C:ExpressGateUtilVAWinAgent.exe
      O4 - HKLM..Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:windowssystem32igfxtray.exe
      O4 - HKLM..Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:windowssystem32hkcmd.exe
      O4 - HKLM..Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:windowssystem32igfxpers.exe
      O4 - HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
      O4 - HKLM..Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:Program FilesElantechETDCtrl.exe
      O4 - HKLM..Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:Program FilesASUSAPRPAPRP.exe
      SysRestore
      EmptyFlash
      EmptyCLSID
      Firewallraz
      EmptyTemp

      1. Click “Importer” (Import)
      2. Then click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)

    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created there.
    • Upload the ZHPFixReport report to SosUpload, then copy and paste the link provided into your next reply.