[Résolu] Infection navigateur

[Adrix25]

Bonjour,

 

Je me suis déjà inscrits sur plusieurs forums pour essayer de me débarrasser de mes différentes petites infections qi me gâchent pas mal la vie lorsque je suis sur le web. ^^

 

Le dernier forum m'a conseillé de venir vers vous (http://forum.malekal.com/).

 

Voici mon rapport ZHP :

 

 

Rapport de ZHPDiag v2013.8.1.3 par Nicolas Coolman, Update du 01/08/2013

Run by Administrateur at 02/08/2013 23:31:14

WebSite: Home - Malicius Software Information

State : Version à jour.

WhiteList : Enable

High Elevated Privileges : OK

UAC : Not Found

 

 

---\\ Web Browser

MSIE: Internet Explorer v7.0.5730.13

MFIE: Mozilla Firefox 15.0.1

GCIE: Google Chrome v28.0.1500.95 (Defaut)

 

---\\ Windows Product Information

~ Langage: Français

Windows XP Professional Service Pack 3 (Build 2600)

Windows Automatic Updates : OK

Windows Genuine Advantage : OK

 

---\\ System Protection

Avira Free Antivirus v13.0.0.3884

Malwarebytes' Anti-Malware

 

---\\ System Optimizer

CCleaner =>Piriform Ltd

 

---\\ Peer To Peer (P2P)

Vuze v5.0.0.0 =>P2P.Azureus

 

---\\ Software Update

Adobe Flash Player 11 Plugin

Adobe Reader XI

Java 7 Update 15

 

---\\ System Information

~ Processor: x86 Family 16 Model 4 Stepping 2, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2046 MB (53% free)

System Restore: Activé (Enable)

System drive C: has 98 GB (33%) free of 298 GB

 

---\\ Logged in mode

~ Computer Name: ADRIX

~ User Name: Administrateur

~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\

~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\

~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\

~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\

~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\

~ %Windir% : C:\WINDOWS\

~ %System% : C:\WINDOWS\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 98 Go of 298 Go)

D:\ CD-ROM drive (Free 0 Go of 0 Go)

F:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

~ Security Center: 33 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]

[MD5.951A8D2E2A7082C8F32005CEAE1A14C3] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/06/2013 - 22:30:38.) -- C:\WINDOWS\system32\wininet.dll [841216]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]

[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]

[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]

[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]

[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]

[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]

[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]

[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]

[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]

[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]

[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]

[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]

[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.04/10/2008 - 13:38:02.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]

[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]

[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 08:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]

[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]

[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]

~ Generic Processes: Scanned in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 0/9845

~ Mes musiques (My Musics) : 10/3769

~ Mes Videos (My Videos) : 1/11

~ Mes Favoris (My Favorites) : 1/8

~ Mes Documents (My Documents) : 1/29954

~ Mon Bureau (My Desktop) : 0/3865

~ Menu demarrer (Programs) : 1/43

~ Hidden Files: Scanned in 00mn 07s

 

 

 

---\\ Processus lancés

[MD5.E34CBC289982C0B64B92F536A5776964] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [573440] [PID.1148]

[MD5.F720502AAA03FAB627A96E5EAADAA28D] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe [424104] [PID.1824]

[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1972]

[MD5.5AC9D06768D112A1377F2E6161AD17B0] - (.SSC Localization Group - SSC Service Utility.) -- C:\Program Files\SSC Service Utility\ssc_serv.exe [665600] [PID.356]

[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.360]

[MD5.B376AF03DEFF319984E58ADB84D78FE7] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16851456] [PID.396]

[MD5.D050311A72D10D4D2CFFACF5728FC978] - (.DT Soft Ltd. - Virtual DAEMON Manager.) -- C:\Program Files\DAEMON Tools\daemon.exe [133016] [PID.416]

[MD5.BE04ACE33529DC138FE0F180BF750E0A] - (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe [2913576] [PID.440]

[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.580]

[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.608]

[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.680]

[MD5.D0AC482B584F244B0E10B465CFC6DEC5] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\SFR\Kit\9props.exe [955712] [PID.708]

[MD5.B0136786E9007FDF765126329787B454] - (.Pas de propriétaire - NetgearCUv2 MFC Application.) -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1486848] [PID.768]

[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.2492]

[MD5.1758AF653723679E3746FC7DDD93C69B] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.2564]

[MD5.47BEAA841455FBEFBAD547A3D2ADDE10] - (.Pas de propriétaire - Printer Communication System.) -- C:\WINDOWS\system32\LMabcoms.exe [593920] [PID.2620]

[MD5.2AAE889742376EDC5C3203DFB74F28FD] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [877864] [PID.2676]

[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.2864]

[MD5.62066C65AF8C2BF009542ABF96549FD6] - (.Raxco Software, Inc. - PD91Agent Module.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512] [PID.2880]

[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\WINDOWS\system32\IoctlSvc.exe [81920] [PID.2896]

[MD5.68C105908A54D734D2B154DB546F562E] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.3476]

[MD5.696EB1F22EC71262BB8188639DBEED3E] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [589368] [PID.3492]

[MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java Update Checker.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe [507312] [PID.344]

[MD5.ECCA7F72A24C7CF43131946C076689D1] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [846288] [PID.4052]

[MD5.FD854C8CB3AED38E1F622A9B495B320F] - (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- C:\Program Files\Adobe\Adobe PhotoShop CS3\Photoshop.exe [44814336] [PID.3828]

[MD5.7B0381EE7606DD45D2614910B41238D9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7589888] [PID.4964]

[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2200]

~ Processes Running: Scanned in 00mn 02s

 

 

 

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] Google

G2 - GCE: Preference [user Data\Default] [aaaaacalgebmfelllfiaoknifldpngjh] Avira SearchFree Toolbar plus Web Protection v.20.53263, (Désactivé) =>Toolbar.Avira

~ Google Browser: 7 Legitimates Filtered in 00mn 03s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\prefs.js

M3 - MFPP: Plugins - [Administrateur] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\youtube---videos.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml

M2 - MFEP: prefs.js [Administrateur - t3i2mr5p.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com] [] Plus-HD-2.2 v (..) =>Adware.PlusHD

~ Firefox Browser: 36 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

~ IE Browser: 12 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

 

 

 

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 20

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (.not file.) =>Toolbar.Avira

~ BHO: 8 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (...) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Clé orpheline

~ Toolbar: Scanned in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [sSC Service Utility] . (.SSC Localization Group - SSC Service Utility.) -- C:\Program Files\SSC Service Utility\ssc_serv.exe

O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe

O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

O4 - HKLM\..\Run: [DAEMON Tools] . (.DT Soft Ltd. - Virtual DAEMON Manager.) -- C:\Program Files\DAEMON Tools\daemon.exe

O4 - HKLM\..\Run: [CamserviceBlog] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe

O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\SFR\Kit\9props.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] Clé orpheline

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] Clé orpheline

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] Clé orpheline

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-21-789336058-813497703-682003330-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-789336058-813497703-682003330-500\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

O4 - HKUS\S-1-5-21-789336058-813497703-682003330-500\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\SFR\Kit\9props.exe

~ Application: Scanned in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - GS\Programs: Adobe Bridge.lnk . (.Adobe Systems, Inc. - Adobe Bridge.) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe

O4 - GS\Programs: Adobe Help Center.lnk . (.Adobe Systems Incorporated - Pas de description.) -- C:\Program Files\Adobe\Adobe Help Center\ahc.exe

O4 - GS\Programs: Adobe Illustrator CS.lnk . (.Adobe Systems, Inc. - Adobe Illustrator.) -- C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe

O4 - GS\Programs: Adobe Illustrator CS2.lnk . (.Adobe Systems, Inc. - Adobe Illustrator.) -- C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe

O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico

O4 - GS\Programs: eMule.lnk . (.http://emulemorph.sourceforge.net - eMule.) -- C:\Program Files\emule\eMule.exe

O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\Programs: PerfectDisk 2008.lnk . (...) -- C:\WINDOWS\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\MenuStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe

O4 - GS\Programs: Vuze.lnk . (.Azureus Software, Inc - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus

O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - GS\Programs: Dreamweaver CS3.lnk . (.PortableAppZ.blogspot.com (Bernat) - Dreamweaver Portable.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\DreamweaverPortable.exe

O4 - GS\Programs: Foxit Reader.lnk . (...) -- C:\Program Files\Foxit Reader\Foxit Reader.exe

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Programs: PerfectDisk 2008.lnk . (...) -- C:\Program Files\Raxco\PerfectDisk2008\pd_launcher.bat

O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe

~ Global Startup: Scanned in 00mn 01s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ IE Extra Buttons: Scanned in 00mn 00s

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

~ Objets ActiveX: Scanned in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{17E3C17D-26BF-44C4-ADA3-05D99B58C168}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{17E3C17D-26BF-44C4-ADA3-05D99B58C168}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{17E3C17D-26BF-44C4-ADA3-05D99B58C168}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

~ Domain: Scanned in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll

~ Protocole Additionnel: Scanned in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (...) -- WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll

~ Winlogon: Scanned in 00mn 00s

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: PD91Agent (PD91Agent) . (.Raxco Software, Inc. - PD91Agent Module.) - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe

O23 - Service: Wsys Service (WsysSvc) . (...) - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity

~ Services: 13 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: (no name) - file:file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

 

 

 

---\\ BootExecute (O34)

O34 - HKLM BootExecute: (PDBoot.exe) - File not found

~ BEX: 2 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: Stream Torrent 1.0 - (...) [HKLM] -- StreamTorrent 1.0

~ Logic: 130 Legitimates Filtered in 00mn 00s

 

 

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Superchips]

[HKCU\Software\TVANTS]

[HKLM\Software\7F68A003]

~ Key Software: 257 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 05/08/2009 - 19:51:15 - [14,517] ----D C:\Program Files\Samurize

O43 - CFD: 29/04/2012 - 11:04:01 - [0] ----D C:\Program Files\searchweb

O43 - CFD: 08/11/2009 - 22:16:08 - [2,584] ----D C:\Program Files\StreamTorrent 1.0

O43 - CFD: 08/11/2009 - 22:16:09 - [0,143] ----D C:\Documents and Settings\Administrateur\Application Data\StreamTorrent

O43 - CFD: 08/11/2009 - 22:16:08 - [0,001] ----D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Stream Torrent 1.0

~ Program Folder: 187 Legitimates Filtered in 00mn 27s

 

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.BF6D48B2F9F384F9C5C8DCBA774DEFE4] - 02/08/2013 - 22:09:36 ---A- . (...) -- C:\WINDOWS\wiadebug.log [401]

O44 - LFC:[MD5.D2EC9EE2FE684CCB4746D60586075B6F] - 02/08/2013 - 12:10:33 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6288DAEFEBB8BAF4061621E3CBD42064] - 02/08/2013 - 12:10:15 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [45668]

~ Files: 16 Legitimates Filtered in 00mn 04s

 

 

 

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Local Settings\Temp\Update_9fb5.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\Update_9fb5.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\lmabcoms.exe" [Enabled] .(..) -- C:\WINDOWS\system32\lmabcoms.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Talk\googletalk.exe" [Enabled] .(...) -- C:\Program Files\Google\Google Talk\googletalk.exe (.not file.)

~ Keys Export: 11 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - taskmgr.exe - "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ IFEO: Scanned in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuPinnedList"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMMyDocs"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMMyPictures"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMyMusic"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoNetworkConnections"=1

~ MWPE Keys: 17 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.6E58654CB25730B2579E45E1FD116A47] - 04/10/2008 - 14:02:22 ---A- . (.Advanced Micro Devices - AMD PCI SATA/IDE Bus Driver.) -- C:\WINDOWS\system32\Drivers\AMDIDE.sys [9096]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

~ Drivers: Scanned in 00mn 00s

 

 

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 01/08/2013 - 07:40:21 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences.bad [117007]

O61 - LFC: 01/08/2013 - 07:42:22 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000742.sst [231]

O61 - LFC: 01/08/2013 - 07:51:38 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\CURRENT [16]

O61 - LFC: 01/08/2013 - 07:51:38 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000067 [107]

O61 - LFC: 01/08/2013 - 07:51:40 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\LOG [145]

O61 - LFC: 01/08/2013 - 07:52:08 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [15360]

O61 - LFC: 01/08/2013 - 07:52:09 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal [8768]

O61 - LFC: 01/08/2013 - 11:18:26 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000751.sst [231]

O61 - LFC: 01/08/2013 - 11:20:45 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_disqus.com_0.localstorage [5120]

O61 - LFC: 01/08/2013 - 11:20:45 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_disqus.com_0.localstorage-journal [5672]

O61 - LFC: 01/08/2013 - 11:20:45 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.progeek.fr_0.localstorage [3072]

O61 - LFC: 01/08/2013 - 11:20:45 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.progeek.fr_0.localstorage-journal [512]

O61 - LFC: 01/08/2013 - 11:24:24 ---A- C:\Documents and Settings\Administrateur\Mes documents\Downloads\AdwCleaner-2.306.exe [666633]

O61 - LFC: 01/08/2013 - 12:37:20 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\Installer\setup.exe [1173456]

O61 - LFC: 01/08/2013 - 12:39:20 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\Installer\chrome.7z [126382908]

O61 - LFC: 01/08/2013 - 12:39:23 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\VisualElementsManifest.xml [396]

O61 - LFC: 01/08/2013 - 12:39:24 ---A- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2369]

O61 - LFC: 01/08/2013 - 12:39:25 ---A- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Google Chrome\Google Chrome.lnk [2363]

O61 - LFC: 01/08/2013 - 19:14:55 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cricfree.tv_0.localstorage [12288]

O61 - LFC: 01/08/2013 - 19:14:55 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cricfree.tv_0.localstorage-journal [12896]

O61 - LFC: 01/08/2013 - 19:39:11 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.start.gamigo.com_0.localstorage [3072]

O61 - LFC: 01/08/2013 - 19:39:11 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.start.gamigo.com_0.localstorage-journal [3608]

O61 - LFC: 01/08/2013 - 20:17:36 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.netechangisme.com_0.localstorage [3072]

O61 - LFC: 01/08/2013 - 20:17:36 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.netechangisme.com_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 07:50:44 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.meetic.fr_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 07:50:44 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.meetic.fr_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 08:29:52 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [880640]

O61 - LFC: 02/08/2013 - 08:29:52 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [16384]

O61 - LFC: 02/08/2013 - 11:31:32 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.dailymotion.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 11:31:32 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.dailymotion.com_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 12:05:27 ---A- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Windows Media Player.lnk [764]

O61 - LFC: 02/08/2013 - 12:06:38 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb [31936512]

O61 - LFC: 02/08/2013 - 12:07:57 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage [143360]

O61 - LFC: 02/08/2013 - 12:07:57 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal [16384]

O61 - LFC: 02/08/2013 - 12:10:18 -SHA- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-789336058-813497703-682003330-500\Credentials [12802]

O61 - LFC: 02/08/2013 - 12:11:38 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [148]

O61 - LFC: 02/08/2013 - 12:11:40 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [151]

O61 - LFC: 02/08/2013 - 12:26:47 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [184062]

O61 - LFC: 02/08/2013 - 12:26:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [3920025]

O61 - LFC: 02/08/2013 - 12:26:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [1330061]

O61 - LFC: 02/08/2013 - 12:26:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [792]

O61 - LFC: 02/08/2013 - 12:26:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [1040432]

O61 - LFC: 02/08/2013 - 21:55:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]

O61 - LFC: 02/08/2013 - 21:55:35 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [148]

O61 - LFC: 02/08/2013 - 21:55:36 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]

O61 - LFC: 02/08/2013 - 21:55:36 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [151]

O61 - LFC: 02/08/2013 - 21:55:36 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-002688 [652]

O61 - LFC: 02/08/2013 - 21:55:37 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]

O61 - LFC: 02/08/2013 - 21:56:54 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.adopteunmec.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 21:56:54 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.adopteunmec.com_0.localstorage-journal [512]

O61 - LFC: 02/08/2013 - 21:58:37 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018315.sst [147]

O61 - LFC: 02/08/2013 - 21:58:37 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-018312 [268]

O61 - LFC: 02/08/2013 - 21:58:38 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [644]

O61 - LFC: 02/08/2013 - 22:00:20 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data [86016]

O61 - LFC: 02/08/2013 - 22:00:20 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal [14904]

O61 - LFC: 02/08/2013 - 22:01:39 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [257258]

O61 - LFC: 02/08/2013 - 22:02:43 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [45056]

O61 - LFC: 02/08/2013 - 22:02:43 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]

O61 - LFC: 02/08/2013 - 22:02:58 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:02:58 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 22:03:01 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_get4cdn.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:03:01 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_get4cdn.com_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 22:03:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-06 [41172992]

O61 - LFC: 02/08/2013 - 22:03:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-06-journal [16384]

O61 - LFC: 02/08/2013 - 22:05:46 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bh.contextweb.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:05:46 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bh.contextweb.com_0.localstorage-journal [512]

O61 - LFC: 02/08/2013 - 22:07:08 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.commentcamarche.net_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:07:08 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.commentcamarche.net_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 22:10:49 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.laredoute.fr_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:10:49 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.laredoute.fr_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 22:10:50 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_lr.iadvize.com_0.localstorage [3072]

O61 - LFC: 02/08/2013 - 22:10:50 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_lr.iadvize.com_0.localstorage-journal [3608]

O61 - LFC: 02/08/2013 - 22:14:23 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [208896]

O61 - LFC: 02/08/2013 - 22:14:23 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]

O61 - LFC: 02/08/2013 - 22:15:09 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-05 [30556160]

O61 - LFC: 02/08/2013 - 22:15:09 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-05-journal [16384]

O61 - LFC: 02/08/2013 - 22:24:24 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_secure.shared.live.com_0.localstorage [100352]

O61 - LFC: 02/08/2013 - 22:24:24 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_secure.shared.live.com_0.localstorage-journal [16384]

O61 - LFC: 02/08/2013 - 22:24:51 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History [26288128]

O61 - LFC: 02/08/2013 - 22:24:51 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal [16384]

O61 - LFC: 02/08/2013 - 22:26:26 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [656488]

O61 - LFC: 02/08/2013 - 22:26:28 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [10153372]

O61 - LFC: 02/08/2013 - 22:26:29 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [2037220]

O61 - LFC: 02/08/2013 - 22:26:29 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135184]

O61 - LFC: 02/08/2013 - 22:26:29 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19656]

O61 - LFC: 02/08/2013 - 22:26:29 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [5924]

O61 - LFC: 02/08/2013 - 22:29:11 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [2201]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [5627904]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History [11948032]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-07 [30994432]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-07-journal [16384]

O61 - LFC: 02/08/2013 - 22:29:34 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-08 [2396160]

O61 - LFC: 02/08/2013 - 22:29:35 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-08-journal [16384]

O61 - LFC: 02/08/2013 - 22:31:27 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]

O61 - LFC: 02/08/2013 - 22:31:27 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]

O61 - LFC: 02/08/2013 - 22:31:39 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [82913]

O61 - LFC: 02/08/2013 - 22:32:01 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [1015808]

O61 - LFC: 02/08/2013 - 22:32:01 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]

O61 - LFC: 02/08/2013 - 22:32:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [708608]

O61 - LFC: 02/08/2013 - 22:32:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]

O61 - LFC: 02/08/2013 - 22:32:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [417792]

O61 - LFC: 02/08/2013 - 22:32:07 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [16384]

O61 - LFC: 02/08/2013 - 22:32:08 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [49760]

O61 - LFC: 02/08/2013 - 22:32:16 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_badoo.com_0.localstorage [172032]

O61 - LFC: 02/08/2013 - 22:32:16 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_badoo.com_0.localstorage-journal [36632]

O61 - LFC: 02/08/2013 - 22:32:16 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Local State [36020]

O61 - LFC: 14/02/2002 - 20:19:56 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Compta 10.00 FR\Install\esauvegarde\ikernel.ex_ [344923]

O61 - LFC: 14/02/2002 - 20:19:56 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Gestion Commerciale 10.00 FR\Install\e-Commerce\ikernel.ex_ [344923]

O61 - LFC: 14/02/2002 - 20:19:56 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Gestion Commerciale 10.00 FR\Install\eSauvegarde\ikernel.ex_ [344923]

O61 - LFC: 18/02/1996 - 17:33:06 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Compta 10.00 FR\Install\_INST32I.EX_ [306748]

O61 - LFC: 18/02/1996 - 17:33:06 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Gestion Commerciale 10.00 FR\Install\_INST32I.EX_ [306748]

O61 - LFC: 25/02/2003 - 06:43:10 ---A- C:\Documents and Settings\Administrateur\Mes documents\Utilitaire\Pack Ciel (compta-devis-factures)+crack ok marche...by Dadi\Pack Ciel - Compta Devis Facture Gestion Crack(1)\Ciel Compta 10.00 FR\Utilitaire Recup Societe\ikernel.ex_ [346602]

O61 - LFC: 30/07/2013 - 08:10:43 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_secure-au.imrworldwide.com_0.localstorage [3072]

O61 - LFC: 30/07/2013 - 08:10:43 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_secure-au.imrworldwide.com_0.localstorage-journal [3608]

O61 - LFC: 30/07/2013 - 11:59:22 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_en.wikipedia.org_0.localstorage [3072]

O61 - LFC: 30/07/2013 - 11:59:22 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_en.wikipedia.org_0.localstorage-journal [3608]

O61 - LFC: 30/07/2013 - 12:05:32 ---A- C:\Documents and Settings\Administrateur\Mes documents\Downloads\Katanagatari 01 à 07 HD Vostfr [Ms-FR].torrent [20681]

O61 - LFC: 30/07/2013 - 14:18:22 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000729.sst [253]

O61 - LFC: 30/07/2013 - 14:18:41 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\002647.sst [347]

O61 - LFC: 30/07/2013 - 15:30:00 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.95\28.0.1500.95_28.0.1500.72_chrome_updater.exe [784224]

O61 - LFC: 30/07/2013 - 23:19:35 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage [6144]

O61 - LFC: 30/07/2013 - 23:19:35 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal [6704]

O61 - LFC: 31/07/2013 - 08:18:39 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_mediacdn.disqus.com_0.localstorage [66560]

O61 - LFC: 31/07/2013 - 08:18:39 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_mediacdn.disqus.com_0.localstorage-journal [16384]

O61 - LFC: 31/07/2013 - 19:07:46 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\CURRENT [16]

O61 - LFC: 31/07/2013 - 19:07:46 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\LOCK [0]

O61 - LFC: 31/07/2013 - 19:07:46 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\MANIFEST-000002 [50]

O61 - LFC: 31/07/2013 - 19:07:47 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo\LOG [47]

O61 - LFC: 31/07/2013 - 22:46:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0\10 [20480]

O61 - LFC: 31/07/2013 - 22:46:49 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\LOG.old [145]

~ 8 Fichiers temporaires (Temporary files)

~ 7 Fichiers cookies (Cookies files)

~ Files: 987 Legitimates Filtered in 02mn 51s

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: HijackThis 1.99.1 - (.Soeperman Enterprises Ltd..) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 07/10/2009 - C:\WINDOWS\system32\LMabcoms.exe (lmab_device) .(.Pas de propriétaire - Printer Communication System.) - LEGACY_LMAB_DEVICE

O64 - Services: CurCS - 14/07/2013 - C:\Program Files\WinZipper\winzipersvc.exe (winzipersvc) .(.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - LEGACY_WINZIPERSVC

O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (WsysSvc) .(...) - LEGACY_WSYSSVC =>PUP.eSafeSecurity

~ Legacy: 139 Legitimates Filtered in 00mn 02s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML.YFNUZN6LCAUGXXMXGAPV2636ZI>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 17 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" QVO6 =>Hijacker.Qvo6

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome.YFNUZN6LCAUGXXMXGAPV2636ZI> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} - (Search) - Meet People on Badoo, Make New Friends, Chat, Flirt

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.1232A3869AA737157FF6492AE88D4DDE] [sPRF][03/12/2009] (...) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [137]

[MD5.EE86268E59E4B38961E7C40D16BE5BB4] [sPRF][16/02/2005] (.Soeperman Enterprises Ltd. - HijackThis.) -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe [218112]

[MD5.C5E5C16916D9A471AA7D81054B0AF580] [sPRF][21/06/2012] (...) -- C:\Documents and Settings\Administrateur\Bureau\ps3video9_Installer-2.25.exe [9528790]

[MD5.54ACBA9CFD7154C02CEACF6310CF3CFA] [sPRF][01/05/2012] (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Documents and Settings\Administrateur\Bureau\spybotsd162.exe [16409960]

[MD5.504F86F230A39B0C159D9BC00572A9D7] [sPRF][06/01/2007] (.© Une création GRAPHYS © 2001 - Le seul, l'unique ::: The Only Genuine One! - X'nBeep, réveil digital pour Windows XP.) -- C:\Documents and Settings\Administrateur\Bureau\XnBeep.exe [1067520]

~ Files: Scanned in 00mn 02s

 

 

 

---\\ Product Upgrade Codes (O90)

O90 - PUC: "25946514D2147365007A7A857BC02020" . (.Avira SearchFree Toolbar plus Web Protection.) -- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe =>Toolbar.Avira

O90 - PUC: "9FB0ECF5AA1A3AF42AC86F4213DC254C" . (.Sony Vegas 6.0.) -- C:\WINDOWS\Installer\{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}\vegas60.ico

O90 - PUC: "B33ADC63B9099174791D4C9B3990DB7C" . (.ATI Parental Control & Encoder.) -- C:\WINDOWS\Installer\{36CDA33B-909B-4719-97D1-C4B99309BDC7}\ARPPRODUCTICON.exe

O90 - PUC: "ED6B985CFB7F22E45842351E51FEA64B" . (.Sony Media Manager 2.0.) -- C:\WINDOWS\Installer\{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}\mediamgr.ico

~ Update Products: 121 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 08/03/2012 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 27/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 27/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 27/07/2013 589368 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe

SR - | Auto 03/09/2008 573440 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Auto 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe

SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe

SR - | Auto 20/02/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe

SR - | Auto 593920 | (lmab_device) . (...) - C:\WINDOWS\system32\LMabcoms.exe

SS - | Demand 07/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 0 | (MSSQLServerADHelper) . (...) - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

SR - | Auto 08/06/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

SS - | Demand 24/06/2008 537896 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

SR - | Auto 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

SR - | Auto 31/12/2008 693512 | (PD91Agent) . (.Raxco Software, Inc..) - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

SS - | Demand 31/12/2008 910600 | (PD91Engine) . (.Raxco Software, Inc..) - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\WINDOWS\system32\IoctlSvc.exe

SS - | Demand 06/11/2007 92792 | (rpcapd) . (.CACE Technologies.) - C:\Program Files\WinPcap\rpcapd.exe

SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 14/07/2013 424104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe

SS - | Auto 0 | (WsysSvc) . (...) - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity

~ Services: Scanned in 00mn 05s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Administrateur at 02/08/2013 23:37:05

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe >>UNKNOWN [0x8A64F0E8]<<

1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8A5CEAB8]

\Driver\Disk[0x8A662538] >> IRP_MJ_CREATE >> 0x8A64F0E8

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\Disk >> 0x8a64f0e8

user & kernel MBR OK

Warning: possible MBR rootkit infection !

~ MBR: 16 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Administrateur at 02/08/2013 23:37:07

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : v2.12834 - (01/08/2013)

Clés trouvées (Keys found) : 5

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 2

Fichiers trouvés (Files found) : 4

 

[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] =>Toolbar.Avira^

[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Avira^

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com =>Adware.PlusHD^

C:\Program Files\searchweb =>Toolbar.Babylon

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh =>Toolbar.Avira^

C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira^

C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe =>Toolbar.Avira^

C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity^

~ Additionnel Scan: 228949 Items scanned in 00mn 13s

 

 

 

---\\ Récapitulatif des détections trouvées sur votre station

~ Adware.PlusHD - Malicius Software Information =>Adware.PlusHD

~ PUP.eSafeSecurity - Malicius Software Information =>PUP.eSafeSecurity

~ Hijacker.Qvo6 - Malicius Software Information =>Hijacker.Qvo6

~ Hijacker.22Find - Malicius Software Information =>Hijacker.22Find

~ Toolbar.Babylon - Malicius Software Information =>Toolbar.Babylon

~ MSI: 5 link(s) detected in 00mn 13s

 

 

 

~ 2095 Legitimates filtered by white list

End of the scan (682 lines in 06mn 07s)(0)

 

 

 

Merci pour votre aide.

[pear]

Bonjour,

 

 

1)

Il faut savoir que Spybot utilise une technologie dépassée.

Si vous ajoutez à cela les problèmes causés par la vaccination qui ralentit le système et TeaTimer qui peut faire obstacle à une désinfection.....

Préférez lui Malwarebytes' Anti-Malware (MBAM)bien plus efficace bien que ,en version libre ,il ne soit pas résident.

 

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Sous Vista, exécuter avec privilèges Administrateur

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Effacer le contenu du dossier Snapshots(le contenu de snapshots, pas le fichier snapshots) , sous XP :

C:\Documents and Settings\All Users\Application Data\Spybot - Search &Destroy\Snapshots

Et sous Vista :

C:\ProgramData\Spybot - Search & Destroy\Snapshots

 

 

Vaccination Spybot

Si ,dans Spybot S&D vous avez vacciné, allez à l'onglet "vaccination"

cliquez sur "Vaccination" dans la colonne sur la gauche :

Cliquez sur annuler (la flèche bleue) pour annuler la vaccination.

 

Désinstaller Spybot

 

 

 

Vous devez trouver sur le bureau ces 3 icônes .

ou sinon dans le dossier où vous avez installé Zhpdiag (Program files ->Zhpdiag ->Zhpfix)

Cliquer sur l'icône Zhpfix

Sous Vista/7 clic-droit, "Exécuter En tant qu'Administrateur

Copiez/Collez les lignes vertes dans le cadre ci dessous:

pour cela;

Clic gauche maintenu enfoncé, Balayer l'ensemble du texte à copier avec la souris pour le mettre en surbrillance ,de gauche à droite et de haut en bas

Ctrl+c mettre le tout en mémoire

Ctrl+v pour inscrire le texte dans le Document ou, mieux, en cliquant le bouton Coller le presse papier au milieu,en haut, à gauche[1]

 

M2 - MFEP: prefs.js [Administrateur - t3i2mr5p.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com] [] Plus-HD-2.2 v (..) =>Adware.PlusHD

O23 - Service: Wsys Service (WsysSvc) . (...) - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity

O43 - CFD: 29/04/2012 - 11:04:01 - [0] ----D C:\Program Files\searchweb => Infection BT (Adware.SocialSkinz)

O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (WsysSvc) .(...) - LEGACY_WSYSSVC =>PUP.eSafeSecurity

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" QVO6 =>Hijacker.Qvo6

SS - | Auto 0 | (WsysSvc) . (...) - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity

detected hooks:

[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com =>Adware.PlusHD^

C:\Program Files\searchweb =>Toolbar.Babylon

C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity^

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Local Settings\Temp\Update_9fb5.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\Update_9fb5.exe (.not file.) => Fichier absent

[MD5.54ACBA9CFD7154C02CEACF6310CF3CFA] [sPRF][01/05/2012] (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Documents and Settings\Administrateur\Bureau\spybotsd162.exe [16409960] => Safer Networking Ltd - Spybot S&D

G2 - GCE: Preference [user Data\Default] [aaaaacalgebmfelllfiaoknifldpngjh] Avira SearchFree Toolbar plus Web Protection v.20.53263, (Désactivé) =>Toolbar.Avira

O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (.not file.) =>Toolbar.Avira

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (...) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing => Toolbar.Bing

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing => Toolbar.Bing

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing => Toolbar.Bing

O90 - PUC: "25946514D2147365007A7A857BC02020" . (.Avira SearchFree Toolbar plus Web Protection.) -- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe =>Toolbar.Avira

[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] =>Toolbar.Avira^

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Avira^

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh =>Toolbar.Avira^

C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Avira^

C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe =>Toolbar.Avira^

 

EmptyFlash

EmptyTemp

EmptyClsid

FirewallRaz

SysRestore

 

Cliquer sur "Go" |2]

 

Si vous ne voyez pas le boutonGo, cliquez sur le bouton du milieu, en haut, à gauche.[1]

Redémarrer pour achever le nettoyage.

 

Copier-coller,dans la réponse, le contenu du rapport ZHPFixReport.txt qui s'affiche .

Si besoin; il est enregistré sous C:\ZHP\ZHPFixReport.txt

 

2)Réinitialiser le navigateur

[Adrix25]

Ok je poste ça !

Modifié le 3 août 2013 par Adrix25

[Adrix25]

 

Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-03-08-2013-12-41-39.txt

Run by Administrateur at 03/08/2013 12:41:39

High Elevated Privileges : OK

Windows XP Professional Service Pack 3 (Build 2600)

 

Corbeille vidée

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe

 

========== Clé(s) du Registre ==========

SUPPRIME Key: Service: WsysSvc

ERREUR Key: Service Legacy: LEGACY_WSYSSVC

ABSENT Key: Service: WsysSvc

ABSENT Key: HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc

SUPPRIME Key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc

SUPPRIME Key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

SUPPRIME Key: CLSID BHO: {41564952-412D-5637-00A7-7A786E7484D7}

SUPPRIME Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]

SUPPRIME Key: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

SUPPRIME Key*: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

ABSENT SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

SUPPRIME Key: \Software\Classes\Installer\Products\\25946514D2147365007A7A857BC02020

SUPPRIME Key: \Software\Classes\Installer\Features\25946514D2147365007A7A857BC02020

SUPPRIME Key: HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}

 

========== Valeur(s) du Registre ==========

SUPPRIME AAKE KeyValue: C:\Documents and Settings\Administrateur\Local Settings\Temp\Update_9fb5.exe

SUPPRIME Toolbar: {41564952-412D-5637-00A7-7A786E7484D7}

ABSENT [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7}

SUPPRIME FirewallRaz (SP) : C:\Program Files\Skype\Plugin Manager\skypePM.exe

SUPPRIME FirewallRaz (SP) : C:\Program Files\Windows Live\Messenger\msnmsgr.exe

SUPPRIME FirewallRaz (SP) : C:\Program Files\Google\Google Talk\googletalk.exe

SUPPRIME FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

SUPPRIME FirewallRaz (DP) : %windir%\system32\sessmgr.exe

SUPPRIME FirewallRaz (DP) : C:\Program Files\Windows Live\Messenger\msnmsgr.exe

Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME StartMenuInternet: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" QVO6

 

========== Préférences navigateur ==========

ABSENT Folder Chrome: aaaaacalgebmfelllfiaoknifldpngjh

 

========== Dossier(s) ==========

Aucun dossiers CLSID Local utilisateur vide

 

========== Fichier(s) ==========

ABSENT File: c:\documents and settings\all users\application data\esafe\egdpsvc.exe

ABSENT Folder/File: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\t3i2mr5p.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com

ABSENT Folder/File: c:\program files\searchweb

ABSENT Folder/File: c:\documents and settings\all users\application data\esafe\egdpsvc.exe

ABSENT File: c:\documents and settings\administrateur\local settings\temp\update_9fb5.exe

ABSENT Folder/File: c:\documents and settings\administrateur\bureau\spybotsd162.exe ltd - spybot s&d

SUPPRIME File: c:\documents and settings\administrateur\local settings\application data\google\chrome\user data\default\preferences

ABSENT File: c:\program files\askpartnernetwork\toolbar\avira-v7\passport.dll

ABSENT Folder/File: c:\documents and settings\administrateur\local settings\application data\google\chrome\user data\default\extensions\aaaaacalgebmfelllfiaoknifldpngjh

ABSENT Folder/File: c:\program files\askpartnernetwork\toolbar\avira-v7\passport.dll

SUPPRIME File*: c:\windows\installer\{41564952-412d-5637-00a7-a758b70c0202}\toolbaricon.exe

SUPPRIME Flash Cookies

SUPPRIME Temporaires Windows

 

========== Restauration Système ==========

Point de restauration du système créé avec succès

 

========== Autre ==========

NON TRAITE detected hooks:

 

 

========== Récapitulatif ==========

1 : Processus mémoire

15 : Clé(s) du Registre

10 : Valeur(s) du Registre

1 : Elément(s) de donnée du Registre

1 : Dossier(s)

13 : Fichier(s)

1 : Préférences navigateur

1 : Restauration Système

1 : Autre

 

 

End of clean in 00mn 28s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 03/08/2013 12:41:39 [4496]

 

 

[pear]

C'est propre.

 

Pubs intempestives ?

Par exemple:

01NetToolbar ,Conduit, Babylone,Delta Search , Wajam Kiwee etc..

01net depuis quelques temps repack des logiciels pour y ajouter des programmes parasites qui sont d'ailleurs précochés.

Alors .ATTENTION

Le but est de gagner de l'argent à chaque installation réussie.

 

Pour vous éviter ou, au moins ,limiter ce genre de problèmes:

 

1)Cliquez sur le lien suivant

Comment se protéger des Pups Indésirables

2)Quelques solutions complémentaires

HOSTS Anti-PUPs/Adware modifie votre fichier HOSTS afin de vous protéger des sites distribuant les PUPs/LPIs et Adwares :

 

http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

 

Filtrer les PUPs/Adwares (programmes parasites) les plus fréquents avec :

HOSTS Anti-PUPs/Adwares

Le message ci-dessous va s’ouvrir – Cliquez sur OK pour lancer l’installation :

 

Le programme va créer un dossier dans %PROGRAMDIR/Hosts_Anti_Adwares_PUPs, un service HOSTS Anti-PUPs et une Clef Run.

Enfin un raccourci Desinstaller_HOSTS_Anti-PUPs est créer sur le bureau si vous souhaitez désinstaller HOSTS_Anti-PUPs/Adware

 

Le programme va donc être lancé à chaque démarrage le fichier HOSTS.txt sera téléchargé pour mettre à jour le fichier HOSTS de filtrage.

Le programme va aussi checker la version, dans le cas où une nouvelle version est disponible, le programme va la télécharger et l’installer.

 

Si vous souhaitez désinstaller HOSTS_Anti-PUPs/Adware, lancez le raccourci qui a été créé sur le bureau.

 

Et ,si ce n'est déjà fait,installez ces 2 extensions pour Firefox:

 

Adblock+ 2.2.1

Ghostery 2.8.4

 

Ce logiciel va désinstaller les outils utilisés pour la désinfection:

 

Télécharger DelFix de Xplode

 

Lancez-le.

 

Cochez [suppression des outils]

et Cliquez [Exécuter]

 

 

Si vous pensez que votre problème a trouvé une solution, et afin que ceux qui la cherchent en profitent,

éditez votre premier message (Edition complète)et, dans le titre, inscrivez Résolu.

[1] En bas de votre premier message, cliquer sur [Modifier]

[2] En bas de l'éditeur qui s'ouvre, cliquer sur [utiliser l'éditeur complet]

[3] En haut de l'éditeur complet, ajouter [Résolu] au début du titre de votre sujet.

[Adrix25]

J'utilise Chrome donc j'ai pu ajouter Adblock mais pas l'autre qui semble spécifique à Firefox. Et je ne peux pas ajouter HOSTS Anti-PUPS/adware surement à cause d'Avira.

 

Merci pour votre efficacité, effectivement plus aucun soucis. Vous êtes vraiment à recommander !

 

Bon week end !