pierboat

oui je pense qu"elle est propre merci beaucoup a toi pour tout

Je crois que je suis venu a bout de cette clée recalcitrante avec malwarbytes en mode sans echec dit moi si je dois quand meme passer combofix merci Malwarebytes Anti-Malware www.malwarebytes.org Date de l'examen: 29/04/2014 Heure de l'examen: 21:52:05 Fichier journal: mbam.txt Administrateur: Non Version: 2.00.1.1004 Base de données Malveillants: v2014.04.29.07 Base de données Rootkits: v2014.03.27.01 Licence: Gratuite Protection contre les malveillants: Désactivé(e) Protection contre les sites Web malveillants: Désactivé(e) Chameleon: Désactivé(e) Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: Nano Type d'examen: Examen "Personnalisé" Résultat: Terminé Objets analysés: 265700 Temps écoulé: 11 min, 30 sec Mémoire: Activé(e) Démarrage: Activé(e) Système de fichiers: Activé(e) Archives: Activé(e) Rootkits: Désactivé(e) Shuriken: Activé(e) PUP: Activé(e) PUM: Activé(e) Processus: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Clés du Registre: 0 (No malicious items detected) Valeurs du Registre: 0 (No malicious items detected) Données du Registre: 0 (No malicious items detected) Dossiers: 0 (No malicious items detected) Fichiers: 0 (No malicious items detected) Secteurs physiques: 0 (No malicious items detected) (end)

désolé j' ai refais un scan avec malwarbytes et le clé malveillant est toujours la ,il ne la supprime pas au redemarrage ca me prend un peu la tete http://cjoint.com/?0DDtHI3LMq4

et le rapport malwarebytes merci Malwarebytes Anti-Malware www.malwarebytes.org Date de l'examen: 29/04/2014 Heure de l'examen: 19:13:45 Fichier journal: mbam.txt Administrateur: Non Version: 2.00.1.1004 Base de données Malveillants: v2014.04.29.04 Base de données Rootkits: v2014.03.27.01 Licence: Gratuite Protection contre les malveillants: Désactivé(e) Protection contre les sites Web malveillants: Désactivé(e) Chameleon: Désactivé(e) Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: Nano Type d'examen: Examen "Personnalisé" Résultat: Terminé Objets analysés: 265653 Temps écoulé: 21 min, 16 sec Mémoire: Activé(e) Démarrage: Activé(e) Système de fichiers: Activé(e) Archives: Activé(e) Rootkits: Désactivé(e) Shuriken: Activé(e) PUP: Activé(e) PUM: Activé(e) Processus: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Clés du Registre: 0 (No malicious items detected) Valeurs du Registre: 0 (No malicious items detected) Données du Registre: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Supprimé-au-redémarrage,[cf49a98723589d99cb6144f0f90b52ae] Dossiers: 0 (No malicious items detected) Fichiers: 0 (No malicious items detected) Secteurs physiques: 0 (No malicious items detected) (end)

voila le rapport R1 http://cjoint.com/?0DDrVrG7E93 et s0 http://cjoint.com/?0DDr1LevmkW

Voila le rapport MBAM la clé n'est pas en quarantaine car si je suis le chemin indiqué je la trouve dans la registre Malwarebytes Anti-Malware www.malwarebytes.org Date de l'examen: 29/04/2014 Heure de l'examen: 16:56:52 Fichier journal: MMMMMM.txt Administrateur: Non Version: 2.00.1.1004 Base de données Malveillants: v2014.04.29.04 Base de données Rootkits: v2014.03.27.01 Licence: Gratuite Protection contre les malveillants: Désactivé(e) Protection contre les sites Web malveillants: Désactivé(e) Chameleon: Désactivé(e) Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: Nano Type d'examen: Examen "Menaces" Résultat: Terminé Objets analysés: 202506 Temps écoulé: 5 min, 47 sec Mémoire: Activé(e) Démarrage: Activé(e) Système de fichiers: Activé(e) Archives: Activé(e) Rootkits: Activé(e) Shuriken: Activé(e) PUP: Activé(e) PUM: Activé(e) Processus: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Clés du Registre: 0 (No malicious items detected) Valeurs du Registre: 0 (No malicious items detected) Données du Registre: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[7d9b81af433824129696072dd72d6d93] Dossiers: 0 (No malicious items detected) Fichiers: 0 (No malicious items detected) Secteurs physiques: 0 (No malicious items detected) (end)

la ligne malveillante est toujours detectée par malwarebytes ? MERCI

Voila le rapport en attendant je fais un scan MBAM MERCI A TOI All processes killed ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found. HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: ATANASSIAN ->Temp folder emptied: 743321 bytes ->Temporary Internet Files folder emptied: 128 bytes ->FireFox cache emptied: 16928902 bytes ->Flash cache emptied: 492 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nano ->Temp folder emptied: 106334767 bytes ->Temporary Internet Files folder emptied: 34926044 bytes ->Java cache emptied: 32805 bytes ->FireFox cache emptied: 30889347 bytes ->Flash cache emptied: 5148 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5476 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43291480 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 222,00 mb OTM by OldTimer - Version 3.1.21.0 log created on 04292014_124012

qu'est ce que je fais je laisse comme ca ? ca ne risque rien merci

oui j'ai redémarre je t'ai posté le rapport et j'ai refais un scan derrière la clé est toujours la merci http://www.casimages.com/img.php?i=140428071229725186.jpg

voila j'ai tout fais mais j'ai refais un examen avec malwarbytes et la ligne PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86 existe toujours ? si je vais dans le registre il est impossible de supprimer cette clé

Voila le rapport merci Malwarebytes Anti-Malware www.malwarebytes.org Date de l'examen: 28/04/2014 Heure de l'examen: 17:48:32 Fichier journal: nnnnnn.txt Administrateur: Non Version: 2.00.1.1004 Base de données Malveillants: v2014.04.28.06 Base de données Rootkits: v2014.03.27.01 Licence: Gratuite Protection contre les malveillants: Désactivé(e) Protection contre les sites Web malveillants: Désactivé(e) Chameleon: Désactivé(e) Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: Nano Type d'examen: Examen "Personnalisé" Résultat: Terminé Objets analysés: 264500 Temps écoulé: 20 min, 21 sec Mémoire: Activé(e) Démarrage: Activé(e) Système de fichiers: Activé(e) Archives: Activé(e) Rootkits: Activé(e) Shuriken: Activé(e) PUP: Activé(e) PUM: Activé(e) Processus: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Clés du Registre: 0 (No malicious items detected) Valeurs du Registre: 0 (No malicious items detected) Données du Registre: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Supprimé-au-redémarrage,[5c5a41ee1368ba7caa37b87af4108779] Dossiers: 0 (No malicious items detected) Fichiers: 17 PUP.Optional.YourFileDownloader, E:\$RECYCLE.BIN\S-1-5-21-2946007174-652853119-2129814378-1000\$RHK22XI.exe, Mis en quarantaine, [ac0a32fd2457ed4942c479a505fb8b75], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir, Mis en quarantaine, [2d899798c9b26bcbc9da2feb49b84fb1], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir, Mis en quarantaine, [edc95ad5fe7de551802336e44fb29070], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir, Mis en quarantaine, [9521a689fe7d2a0c2e7526f42fd2ce32], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir, Mis en quarantaine, [fcbaff30007bca6c8a190e0c986903fd], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir, Mis en quarantaine, [189e949b5d1eae88ddc61505c63bf10f], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir, Mis en quarantaine, [12a40e21443741f5257e34e6877ae719], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir, Mis en quarantaine, [8c2a7eb1582379bdbbe8ce4c659cb14f], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir, Mis en quarantaine, [3383042bfe7d7cba0e958a90eb160bf5], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir, Mis en quarantaine, [ebcbfc339be07cba178c6fab659c9769], PUP.Optional.Conduit.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir, Mis en quarantaine, [a3132f004b3091a5396a5fbb897838c8], PUP.Optional.IEPluginService.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir, Mis en quarantaine, [dadc43ec88f361d5e329bca95fa2857b], PUP.Optional.SupTab.A, E:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir, Mis en quarantaine, [feb83ef1a5d689ad004d979e1de331cf], PUP.Optional.SupTab.A, E:\AdwCleaner\Quarantine\C\Users\ATANASSIAN\AppData\Roaming\SupTab\SupTab.dll.vir, Mis en quarantaine, [a115d659abd06dc91f2e211418e8cc34], PUP.Optional.Babylon.A, F:\Logiciels\Unlocker1.9.2.exe, Mis en quarantaine, [4e6872bdb8c35adcd071e81a5ba67987], PUP.Optional.Babylon.A, F:\Logiciels\unlocker_1-9-2_fr_20237.exe, Mis en quarantaine, [6650cb647efdfa3c88b91ae84cb556aa], PUP.Optional.OpenCandy, F:\Logiciels\ecran veille yo-windows\yosetup.exe, Mis en quarantaine, [d9dd63ccc1baf44290d33d194db7c13f], Secteurs physiques: 0 (No malicious items detected) (end)

la ligne malveillante existe toujours dans malwarebytes ? MERCI

et Shortcut Cleaner http://cjoint.com/?0DCpGBSRLOX

http://cjoint.com/?0DCpB57W4o2 http://cjoint.com/?0DCpBiRObgY voila les deux rapport a priori il n'y avait pas de rootkit merci

Il y a toujours un element suspect dans le rapport malwarebytes je vous joint le rapport si vous pouvez y jetez un oeil merci d'avance rapport MBAM http://cjoint.com/?0DComybRkRa

http://cjoint.com/?0DCm6iTXhd3 rapport zhpfix http://cjoint.com/?0DCm7RtSmIM et fscgt merci a toi

Bonjour j'ai passé comme je le fais regulierement malwarebytes et il a detecté des logiciels malveillants je lui ai demandé d'appliquer toute les actions, le PC a redemarrer mais si je relence un scan les malveillants sont toujours la ? Merci pour vos conseils Rapport zhpdiag ~ Rapport de ZHPDiag v2014.4.26.45 - Nicolas Coolman (26/04/2014) ~ Lancé par ATANASSIAN (28/04/2014 08:18:47) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.17041 MFIE: Mozilla Firefox 28.0 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows® 7, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : MHKV4 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.3.350 Malwarebytes Anti-Malware version 2.0.1.1004 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.12 =>.Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader XI Java 7 Update 55 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4034 MB (51% free) System Restore: Activé (Enable) System drive C: has 388 GB (84%) free of 458 GB ---\\ Mode de connexion au système ~ Computer Name: NANO-PC ~ User Name: ATANASSIAN ~ All Users Names: Nano, HomeGroupUser$, ATANASSIAN, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\ATANASSIAN\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\ATANASSIAN\AppData\Roaming\ ~ %Desktop% : C:\Users\ATANASSIAN\Desktop\ ~ %Favorites% : C:\Users\ATANASSIAN\Favorites\ ~ %LocalAppData% : C:\Users\ATANASSIAN\AppData\Local\ ~ %StartMenu% : C:\Users\ATANASSIAN\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 388 Go of 458 Go) D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) E: Hard drive, Flash drive, Thumb drive (Free 256 Go of 327 Go) F: Hard drive, Flash drive, Thumb drive (Free 359 Go of 458 Go) G: CD-ROM drive (Free 0 Go of 0 Go) H: CD-ROM drive (Not Inserted) I: Floppy drive, Flash card reader, USB Key (Free 8 Go of 8 Go) J: Hard drive, Flash drive, Thumb drive (Free 111 Go of 368 Go) L: Floppy drive, Flash card reader, USB Key (Not Inserted) Z: Hard drive, Flash drive, Thumb drive (Free 55 Go of 95 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes Favoris (My Favorites) : 1/26 ~ Mes Documents (My Documents) : 1/2 ~ Mon Bureau (My Desktop) : 1/46 ~ Menu demarrer (Programs) : 1/22 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.293770C94202D1EA18EE27E0D3EB6A41] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032] [PID.4376] [MD5.F5ED26AB8BDD951BFAC8BBD0D68BA3E9] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992] [PID.4812] [MD5.BD2C0CDD525902E3033DAA8D08D0F015] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.4980] [MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.5012] [MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5740] [MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4912] [MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1036] [MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.2772] [MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.5564] [MD5.A1F8B58F1EC431485F8377A273E02223] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.6860] [MD5.7EA50DC775B557AD1E06ABF3C7A2A24D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7869952] [PID.1708] [MD5.CDA9313E34887A111B8309B55BCDCD82] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.1144] [MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1996] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2004] [MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.2052] [MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.2076] [MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2136] [MD5.3CA1E0858B2E919C78F9BAD0B904A746] - (.Freemake - FreemakeUtilsService.) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032] [PID.2244] [MD5.6822CA012769844EB14FD6634F22C4F6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192] [PID.2388] [MD5.C323410457AF74DBE57C295181C71376] - (...) -- C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe [351008] [PID.2828] [MD5.C323410457AF74DBE57C295181C71376] - (...) -- C:\Program Files (x86)\TowerTilt\bin\utilTowerTilt.exe [351008] [PID.2956] [MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.4928] [MD5.BF5D3A2624177C413680DEF19A465AF8] - (.Intel Corporation - Intel® Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432] [PID.3408] [MD5.3EA307C51069BC72DD74A4964F2A30A9] - (.Intel Corporation - Intel® Local Management Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [366552] [PID.5712] ~ Processes Running: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: TowerTilt [64Bits] - {53d1f32a-a4e1-493c-8830-a4f3599a667f} . (.TowerTilt - TowerTilt.) -- C:\Program Files (x86)\TowerTilt\TowerTiltbho.dll ~ BHO: 3 Legitimates Filtered in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [ATANASSIAN]: Sync Folder.lnk . (...) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (.not file.) =>PUP.MyPCBackup ~ Global Startup: 1 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe O4 - HKLM\..\Run: [shadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll O4 - HKLM\..\Run: [XtrCtrlExEmotion] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [XtrCtrlExEmotion] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files (x86)\Hercules\Dualpix Emotion\XtrCtrlEx.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2946007174-652853119-2129814378-1000\..\Run: [EPSON SX510W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.exe =>.Epson Seiko Corporation O4 - HKUS\S-1-5-21-2946007174-652853119-2129814378-1000\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2946007174-652853119-2129814378-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{77D956DA-66BE-4C6D-9AB4-7DE56261128A}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{F721653C-4747-45F7-9D94-D151F2B915B9}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{77D956DA-66BE-4C6D-9AB4-7DE56261128A}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{F721653C-4747-45F7-9D94-D151F2B915B9}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{77D956DA-66BE-4C6D-9AB4-7DE56261128A}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{F721653C-4747-45F7-9D94-D151F2B915B9}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Update TowerTilt (Update TowerTilt) . (...) - C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe O23 - Service: Util TowerTilt (Util TowerTilt) . (...) - C:\Program Files (x86)\TowerTilt\bin\utilTowerTilt.exe O23 - Service: Service Component of VO (vosr) . (...) - C:\Users\ATANASSIAN\AppData\Roaming\VOPackage\VOsrv.exe (.not file.) =>Adware.Downware ~ Services: 22 Legitimates Filtered in 00mn 02s ---\\ Tâches planifiées en automatique (O39) [MD5.20EF7EED836BB8F1C11C4E371A60BD52] [APT] [YourFile DownloaderUpdate] (.http://yourfiledownloader.com.) -- C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe [399472] =>PUP.YourFileDownloader ~ Scheduled Task: 12 Legitimates Filtered in 00mn 02s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: ({587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys =>PUP.LinkiDoo ~ Drivers: 75 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: ChèquesEditor4.22 - (.JLF.) [HKLM][64Bits] -- ChèquesEditor_is1 O42 - Logiciel: Feature Update Service (YFD) - (...) [HKCU][64Bits] -- YourFileDownloaderUpdater O42 - Logiciel: TarotClub-2.0.0 - (.TarotClub Corp..) [HKLM][64Bits] -- {66E297AA-D2C9-4060-851F-3B8B9383ACF2}_is1 O42 - Logiciel: TowerTilt - (.TowerTilt.) [HKLM][64Bits] -- TowerTilt O42 - Logiciel: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller =>Hijacker.WebsSearches ~ Logic: 9 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\TowerTilt] [HKLM\Software\Wow6432Node\TowerTilt] ~ Key Software: 214 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 26/04/2014 - 07:15:02 - [] ----D C:\Program Files (x86)\ChèquesEditor5.04 O43 - CFD: 27/04/2014 - 22:18:45 - [] ----D C:\Program Files (x86)\ChèquesEditor6.00 O43 - CFD: 20/04/2014 - 21:02:26 - [] ----D C:\Program Files (x86)\TarotClub O43 - CFD: 27/04/2014 - 21:14:02 - [] ----D C:\Program Files (x86)\TowerTilt O43 - CFD: 27/04/2014 - 20:10:27 - [] ----D C:\Program Files (x86)\YourFileDownloader Updater O43 - CFD: 20/04/2014 - 16:28:25 - [] ----D C:\Program Files (x86)\ZedTV O43 - CFD: 27/04/2014 - 20:13:07 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector O43 - CFD: 27/04/2014 - 20:12:52 - [] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 19/04/2014 - 07:18:28 - [] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ~ Program Folder: 137 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - 17/04/2014 - 06:25:02 ---A- . (...) -- C:\Windows\Language_trs.ini [1769] O44 - LFC:[MD5.17718FD5DD39CB4A3F0B3C5A7C2678E7] - 17/04/2014 - 06:35:04 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [378949] O44 - LFC:[MD5.528F558212E5C2358F28E1624A473392] - 17/04/2014 - 07:00:13 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [24544] O44 - LFC:[MD5.B1DFE12FD3CBC407A21ABBDD7F1B424F] - 17/04/2014 - 16:16:48 ---A- . (...) -- C:\Windows\Ascd_tmp.ini [40744] O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 18/04/2014 - 05:31:53 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559] O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 18/04/2014 - 05:32:01 ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429] O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 18/04/2014 - 05:33:03 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [347904] O44 - LFC:[MD5.28CBE9DE37E1A99BDD05441A4B208EAB] - 18/04/2014 - 18:16:32 ---A- . (...) -- C:\Windows\snp2uvc.ini [15497] O44 - LFC:[MD5.E0067DD7AE6C680CB18E3A58E7FB8DFB] - 18/04/2014 - 18:16:32 ---A- . (...) -- C:\Windows\snp2uvc.src [13022] O44 - LFC:[MD5.6A0A2BACE01320DBCEB098B98BEB490A] - 18/04/2014 - 18:16:32 ---A- . (.Pas de propriétaire - ResourceDLL.) -- C:\Windows\System32\rsnp2uvc.dll [179712] O44 - LFC:[MD5.345364877EE171A20DA4F49D5272F005] - 18/04/2014 - 18:16:32 ---A- . (.Pas de propriétaire - The utilities for device installation.) -- C:\Windows\System32\csnp2uvc.dll [301056] O44 - LFC:[MD5.BA2E864CDC01731A4F144019FB3BF598] - 18/04/2014 - 18:16:32 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3552384] O44 - LFC:[MD5.3CF09A0A997B6F6A2929296E74B32C11] - 19/04/2014 - 15:09:16 ---A- . (...) -- C:\Windows\System32\RaCoInst.dat [14051] O44 - LFC:[MD5.5BFF54111E54B1FEEE60B9C85D6FEEDA] - 19/04/2014 - 15:11:45 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2728] O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 19/04/2014 - 16:07:06 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284] O44 - LFC:[MD5.FA48C12FDD2A32B95076577BB187FAE0] - 24/04/2014 - 11:34:44 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys [61120] =>PUP.LinkiDoo O44 - LFC:[MD5.9B5562FC16263DC91E99513CE052FF33] - 26/04/2014 - 06:02:32 ---A- . (...) -- C:\Windows\itc.dll [6110] O44 - LFC:[MD5.8E1F541053FF166E139DF3E6263CA5E2] - 26/04/2014 - 06:02:58 ---A- . (...) -- C:\Windows\Api32.dll [2423] ~ Files: 1135 Legitimates Filtered in 00mn 11s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\KeePass 2 PreLoad [Key] . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe ~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:16/07/2008 - 08:59:32 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35840] O58 - SDL:22/04/2009 - 13:46:06 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3552384] O58 - SDL:26/12/2013 - 06:41:40 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108856] O58 - SDL:26/12/2013 - 06:41:40 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206136] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:24/04/2014 - 11:34:44 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys [61120] =>PUP.LinkiDoo O58 - SDL:22/08/2012 - 10:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232] O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296] ~ Drivers: 75 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 25/04/2014 - 08:19:14 ---A- . (...) -- C:\Users\ATANASSIAN\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [331781] ~ 287 Fichiers temporaires (Temporary files) ~ 7 Fichiers cookies (Cookies files) ~ Files: 31 Legitimates Filtered in 00mn 04s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys ({587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64) .(.StdLib - StdLib.) - LEGACY_{587CB346-A3D8-4884-B39B-F0ED918B6F96}GW64 =>PUP.LinkiDoo ~ Legacy: 74 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup ~ BTK: 101 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 17/04/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe SS - | Demand 17/04/2014 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SS - | Auto 17/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 17/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/02/2013 820184 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 19/04/2014 607048 | (TuneUp.Defrag) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe SS - | Auto 10/07/1658 0 | (vosr) . (...) - C:\Users\ATANASSIAN\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 28/10/2008 743192 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 17/04/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 17/04/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe SR - | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe SR - | Auto 26/03/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 13/02/2013 731648 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 12/03/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe SR - | Auto 12/03/2013 366552 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 02/04/2014 1615192 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 02/04/2014 20541216 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 04/03/2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 04/03/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 12/11/2009 1353544 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe SR - | Auto 27/04/2014 351008 | (Update TowerTilt) . (...) - C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe SR - | Auto 27/04/2014 351008 | (Util TowerTilt) . (...) - C:\Program Files (x86)\TowerTilt\bin\utilTowerTilt.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by ATANASSIAN at 28/04/2014 08:20:09 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by ATANASSIAN at 28/04/2014 08:20:11 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13045 - (26/04/2014) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 1 [HKLM\SYSTEM\CurrentControlSet\Services\vosr] =>Adware.Downware^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller] =>Hijacker.WebsSearches^ C:\ProgramData\IePluginService =>Trojan.SProtector^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe =>PUP.YourFileDownloader^ ~ Additionnel Scan: 247928 Items scanned in 00mn 15s ---\\ Récapitulatif des détections trouvées sur votre station ~ MSI: 7 link(s) detected in 00mn 00s ~ 1798 Legitimates filtered by white list End of the scan (462 lines in 01mn 39s)(0)