[Résolu] Jsstatis pourrit ma navigation sur Internet

[Jumeau]

Bonjour,

J'aimerais avoir de l'aide..

jsstatis.net me pourri ma navigation sur internet ainsi que electrolyrics..

J'ai essayé de résoudre le problème en télécharger malwarebytes mais rien n'y fait.

J'ai déjà vu un sujet résolu sur jsstatis mais je ne sais pas si je peux faire les mêmes consignes donné car peut être que ca varie suivant les PC

Merci de me dire qu'es que je doit faire, je n'en peux plus!!

 

Merci par avance

Modifié le 10 janvier 2014 par Jumeau

[Apollo]

Bonsoir,

 

1) Télécharge Junkware Removal Tool sur le bureau: http://www.bleepingcomputer.com/download/junkware-removal-tool/

Site éditeur: http://thisisudax.org/

Sous XP, double-clique sur l'icône et presse une touche lorsque cela sera demandé.

Sous Vista/7/8, clic droit/exécuter en temps qu'administrateur.

L'outil peut demander si on souhaite vérifier la présence d'une nouvelle version Y/N >> taper Y.
S'il découvre une version obsolète, il le dira et devrez presser une touche. L'outil se fermera.

JRT_New sera créé sur le bureau;

Jette l'ancien JRT et renomme JRT_New en JRT .

Si c'est déjà la bonne version , il commencera sa recherche de malwares normalement. Patience svp.

Afin de ne pas fausser le rapport, ne passer l'outil qu'une seule fois svp!

Si l'antivirus fait des siennes: désactive-le provisoirement. Si tu ne sais pas comment faire, reporte-toi à cet article.

Poste le rapport généré à la fin de l'analyse.

NB: Le bureau disparaitra un instant, c'est normal.

>>>Si le rapport est long, l'héberger ici: http://cjoint.com ou http://dl.free.fr/

------------------------------
*** Si tu as une ancienne version d'AdwCleaner, lance-le et clique sur désinstaller.***

2) Télécharge AdwCleaner par Xplode: http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner

Enregistre-le sur le bureau (et pas ailleurs).

Afin de ne pas fausser le rapport, ne passer l'outil qu'une seule fois svp!

Si tu es sous XP double clique sur AdwCleaner pour lancer l'outil.
Si tu es sous Vista/Seven, clique droit sur AdwCleaner et choisis exécuter en temps qu'administrateur.

Clique sur Scanner et laisse travailler l'outil.

Cliquer sur Nettoyer, le bouton sera accessible.

Le rapport va s'ouvrir en fichier texte; copie la totalité de son contenu et colle-le dans ta réponse.

Le rapport est en outre sauvegardé sous C:\AdwCleaner[s0]

NB: Si l'outil "cale" en mode normal, le lancer en mode sans échec: http://www.vista-xp.fr/forum/topic93.html

A lire absolument: http://www.vista-xp.fr/forum/topic5482.html
http://www.vista-xp.fr/forum/topic10389.html

-------------------------

3)

 

 

ZHPDiag :

• Télécharge ZHPDiag de Nicolas Coolman. et enregistre-le sur le BUREAU.
  Lien de secours: ftp://zebulon.fr/ZHPDiag2.exe
  
• Double-clique sur ZHPDiag.exe pour lancer l'installation
  
  • Important:
    Sous Vista et Windows 7/8 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.

[*]L'outil a créé 2 icônes ZHPDiag et ZHPFix sur le Bureau.

[*]Double-clique sur ZHPDiag pour lancer l'exécution

• Important:
  Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

Clique sur Configurer.

[*]Clique sur le petit tournevis et clique sur TOUS.

Décocher 045 . Clic sur OK.

[*]Clique sur Rechercher pour lancer l'analyse. Tu patientes jusqu'à ce que le scan affiche 100%
Tu refermes ZHPDiag

[*]Le rapport ZHPDiag.txt se trouve sur le Bureau. (et sous c:\ZHP\ZHPDiag.txt)
Ce rapport étant trop long pour le forum, héberge le :

• soit directement sur le forum en pièce jointe dans ta réponse : Ajouter un fichier en pièce jointe sur le forum <<< Seulement pour le forum Vista-XP.fr!
• soit sur Cjoint et copie-colle le lien fourni dans ta réponse.

ou http://dl.free.fr/

http://www.rue-du-montceau.fr/tuto_cjoint.html >> tuto de Nardino pour héberger.

@++

PS: poste le rapport de MBAM stp.

[Jumeau]

Merci beaucoup, je fais tout ça et je te met les rapports et tout.

[Jumeau]

J'ai Advanced SystemCar je dois le supprimer aussi ?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 8.1 x64

Ran by Ludivine on 09/01/2014 at 18:40:28,25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2250779375-3675684031-949784069-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2250779375-3675684031-949784069-1002\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\filesfrog update checker

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043882.BHO

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043882.BHO.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0045918.BHO

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0045918.BHO.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0045918.Sandbox

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0045918.Sandbox.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411591118}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422592218}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455385582}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455595518}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466386682}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466596618}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444384482}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444594418}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411591118}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422592218}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455385582}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455595518}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466386682}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466596618}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444384482}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444594418}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043882.BHO

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043882.BHO.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0045918.BHO

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0045918.BHO.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0045918.Sandbox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0045918.Sandbox.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455385582}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455595518}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466386682}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466596618}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444384482}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444594418}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411381182}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411381182}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455385582}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455595518}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466386682}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466596618}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444384482}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444594418}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591118}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EDB0425C-8A6D-4178-A829-67CD69A0E263}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\ElectroLyrics-15-chromeinstaller.job

Successfully deleted: [File] C:\WINDOWS\Tasks\ElectroLyrics-15-codedownloader.job

Successfully deleted: [File] C:\WINDOWS\Tasks\ElectroLyrics-15-updater.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-4.9-chromeinstaller.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-4.9-codedownloader.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-4.9-enabler.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-4.9-firefoxinstaller.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Plus-HD-4.9-updater.job

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\bitguard"

Successfully deleted: [Folder] "C:\ProgramData\browser manager"

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"

Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"

Successfully deleted: [Folder] "C:\Users\Ludivine\AppData\Roaming\isafe"

Successfully deleted: [Folder] "C:\Users\Ludivine\AppData\Roaming\slick savings"

Successfully deleted: [Folder] "C:\Users\Ludivine\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\Ludivine\appdata\local\filesfrog update checker"

Successfully deleted: [Folder] "C:\Users\Ludivine\appdata\local\slick savings"

Successfully deleted: [Folder] "C:\Users\Ludivine\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\Ludivine\appdata\local\wajam"

Successfully deleted: [Folder] "C:\Program Files (x86)\bettersurf"

Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"

Successfully deleted: [Folder] "C:\Users\Ludivine\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"

~~~ FireFox

Successfully deleted: [File] C:\Users\Ludivine\AppData\Roaming\mozilla\firefox\profiles\y9bgr9tf.default\user.js

Successfully deleted: [Folder] C:\Users\Ludivine\AppData\Roaming\mozilla\firefox\profiles\y9bgr9tf.default\extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ludivine\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/01/2014 at 18:56:35,38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Apollo]

 

J'ai Advanced SystemCar je dois le supprimer aussi ?

 

Oui, il vaut mieux employer Windows Repair: http://forum.security-x.fr/tutoriels-317/reparer-widnows-avec-windows-repair-(all-in-one)/

 

Procède avec AdwCleaner stp.

 

@++

[Jumeau]

# AdwCleaner v3.016 - Rapport créé le 09/01/2014 à 19:01:55

# Mis à jour le 23/12/2013 par Xplode

# Système d'exploitation : Windows 8.1 (64 bits)

# Nom d'utilisateur : Ludivine - PC-LUDIVINE

# Exécuté depuis : C:\Users\Ludivine\Downloads\adwcleaner.exe

# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\Kozaka

Dossier Supprimé : C:\Program Files (x86)\ElectroLyrics-15

Dossier Supprimé : C:\Program Files (x86)\Plus-HD-4.9

Dossier Supprimé : C:\Users\Ludivine\AppData\Local\Bundled software uninstaller

Dossier Supprimé : C:\Users\Ludivine\AppData\Roaming\ExpressFiles

Dossier Supprimé : C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

Dossier Supprimé : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcmfkmnidkjnppglklanhlknckkdbje

Dossier Supprimé : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa

Fichier Supprimé : C:\Users\Public\Desktop\eBay.lnk

Fichier Supprimé : C:\WINDOWS\System32\roboot64.exe

Fichier Supprimé : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

Fichier Supprimé : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage

Fichier Supprimé : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

Fichier Supprimé : C:\WINDOWS\System32\Tasks\Express FilesUpdate

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\Ludivine\Desktop\Search.lnk

***** [ Registre ] *****

Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Clé Supprimée : HKCU\Software\5a2d7dcb069b847

Clé Supprimée : HKLM\SOFTWARE\5a2d7dcb069b847

Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Handy Updater]

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3cd4e557-62f4-406d-b565-745c986d68ff}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{839c5bab-80cf-47d2-b4a4-4c3fd316f7db}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0630884-3429-44f2-8ebc-67f315165eaf}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e3b17261-d639-43d0-8ab6-6e5460b8f1b4}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fc68dfe8-8e8d-42e2-9fce-5d682989fe77}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{048890a7-38d2-4037-89c8-51c84bb49411}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{350e5285-787b-4f17-859a-ef820c570a9c}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35b1674d-bc26-4be8-9583-a24b8323bd3c}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ae895304-04ca-4878-9846-f6ecc713caee}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba6d0812-0cb4-42f5-9088-bdc9a1d146ab}

Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3cd4e557-62f4-406d-b565-745c986d68ff}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{839c5bab-80cf-47d2-b4a4-4c3fd316f7db}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0630884-3429-44f2-8ebc-67f315165eaf}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e3b17261-d639-43d0-8ab6-6e5460b8f1b4}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fc68dfe8-8e8d-42e2-9fce-5d682989fe77}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{048890a7-38d2-4037-89c8-51c84bb49411}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{350e5285-787b-4f17-859a-ef820c570a9c}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35b1674d-bc26-4be8-9583-a24b8323bd3c}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ae895304-04ca-4878-9846-f6ecc713caee}

Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba6d0812-0cb4-42f5-9088-bdc9a1d146ab}

Clé Supprimée : HKCU\Software\ExpressFiles

Clé Supprimée : HKCU\Software\InstalledThirdPartyPrograms

Clé Supprimée : HKCU\Software\AppDataLow\Software\ElectroLyrics-15

Clé Supprimée : HKCU\Software\AppDataLow\Software\Plus-HD-4.9

Clé Supprimée : HKLM\Software\BetterSurf

Clé Supprimée : HKLM\Software\ExpressFiles

Clé Supprimée : HKLM\Software\SafetyNut

Clé Supprimée : HKLM\Software\ElectroLyrics-15

Clé Supprimée : HKLM\Software\Plus-HD-4.9

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1FF

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ElectroLyrics-15

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-4.9

Clé Supprimée : [x64] HKLM\SOFTWARE\Iminent

Clé Supprimée : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v26.0 (fr)

[ Fichier : C:\Users\Ludivine\AppData\Roaming\Mozilla\Firefox\Profiles\y9bgr9tf.default\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ Fichier : C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [11399 octets] - [09/01/2014 19:00:58]

AdwCleaner[s0].txt - [7298 octets] - [09/01/2014 19:01:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7358 octets] ##########

[Apollo]

Fais le scan ZHPDiag stp.

 

++

Modifié le 9 janvier 2014 par Apollo

[Jumeau]

Après j'ai malwarbytes qu'es que j'en fais ?

 

Mon antivirus est Avira.

 

 

Je télécharge Windows repair en plus d'adwcleaner?

[Apollo]

 

Je télécharge Windows repair en plus d'adwcleaner?

 

Ca n'a aucun rapport, AdwCleaner est un outil de désinfection, Windows Repair, comme son nom l'indique, sert à réparer Windows.

 

Fais ce que je demande et on verra pour MBAM après.

 

Conseil: remplace Avira par MSE ou un autre: mais après désinfection totale: Protéger son pc gratuitement

 

@++

[Jumeau]

~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)

~ Lancé par Ludivine (09/01/2014 19:19:38)

~ Adresse du Site Web http://nicolascoolman.webs.com

~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/

~ Traduit par Nicolas Coolman

~ Etat de la version :

~ Liste blanche : Activée par le programme

~ Elévation des Privilèges : OK

~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet

MSIE: Internet Explorer v11.0.9600.16476

MFIE: Mozilla Firefox 26.0

GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows

~ Langage: Français

Windows 8.1, 64-bit (Build 9600)

Windows Server License Manager Script : OK

~ ion : Windows® Operating System, OEM_DM channel

Windows ID Activation : OK

~ Windows Partial Key : 3PBQ6

Windows License : OK

~ Windows Remaining Initializations Number : 999

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Logiciels de protection du système

Avira Free Antivirus v14.0.2.286

Malwarebytes Anti-Malware version 1.75.0.1300

Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système

~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3682 MB (56% free)

System Restore: Activé (Enable)

System drive C: has 631 GB (93%) free of 676 GB

---\\ Mode de connexion au système

~ Computer Name: PC-LUDIVINE

~ User Name: Ludivine

~ All Users Names: Ludivine, Administrateur,

~ Unselected Option: O45

Logged in as Administrator

---\\ Variables d'environnement

~ System Unit : C:\

~ %AppZHP% : C:\Users\Ludivine\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Ludivine\AppData\Roaming\

~ %Desktop% : C:\Users\Ludivine\Desktop\

~ %Favorites% : C:\Users\Ludivine\Favorites\

~ %LocalAppData% : C:\Users\Ludivine\AppData\Local\

~ %StartMenu% : C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques

C: Hard drive, Flash drive, Thumb drive (Free 631 Go of 676 Go)

D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 22 Go)

E: CD-ROM drive (Not Inserted)

F: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

---\\ Etat du Centre de Sécurité Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.12/12/2013 - 15:19:01.) -- C:\Windows\Explorer.exe [2328872]

[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]

[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/12/2013 - 15:23:04.) -- C:\Windows\System32\wininet.dll [2334208]

[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]

[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]

[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]

[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]

[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]

[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]

[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]

[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]

[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]

[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30/09/2013 - 05:14:00.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]

[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/09/2013 - 05:13:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]

[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]

[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]

[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]

[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]

[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]

[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]

[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/419

~ Mes musiques (My Musics) : 9/176

~ Mes Videos (My Videos) : 1/5

~ Mes Favoris (My Favorites) : 1/7

~ Mes Documents (My Documents) : 2/2320

~ Mon Bureau (My Desktop) : 1/7

~ Menu demarrer (Programs) : 1/25

~ Hidden Files: Scanned in 00mn 11s

---\\ Processus lancés

[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2128]

[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2932]

[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2940]

[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.2948]

[MD5.6198A9BC15ED77F318D5DDD1918CF1D1] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024] [PID.4496]

[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.4512]

[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.4660]

[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8321024] [PID.5040]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] http://www.google.com

G0 - GCSP: Preference [user Data\Default] http://google.com

G2 - GCE: Preference [user Data\Default] [hbcennhacfaagdopikcegfcobcadeocj] Ebay Shopping Assistant by Spigot v.1.1 (Désactivé) =>PUP.Dealio

G2 - GCE: Preference [user Data\Default] [icdlfehblmklkikfigmjhbmmpmkmpooj] Domain Error Assistant v.1.2 (Désactivé)

G2 - GCE: Preference [user Data\Default] [jmcmfkmnidkjnppglklanhlknckkdbje] ElectroLyrics-15 v.1.26.31, (Activé) =>Adware.AddLyrics

G2 - GCE: Preference [user Data\Default] [mciekghplkkgcmofonmkmlomhkamochd] Kozaka v.1.0.0 (Désactivé) =>PUP.Kozaka

G2 - GCE: Preference [user Data\Default] [mhkaekfpcppmmioggniknbnbdbcigpkk] Slick Savings v.2.4 (Désactivé) =>PUP.Dealio

G2 - GCE: Preference [user Data\Default] [pfndaklgolladniicklehhancnlgocpp] Amazon Shopping Assistant by Spigot v.1.0 (Désactivé) =>PUP.Dealio

~ Google Browser: 24 Legitimates Filtered in 00mn 19s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Ludivine\AppData\Roaming\Mozilla\Firefox\Profiles\y9bgr9tf.default\prefs.js

~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://avira.search.ask.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google.com

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com

~ IE Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll =>Toolbar.Ask

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline

~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe

O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline

O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - GS\QuickLaunch [Ludivine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch [Ludivine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Ludivine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar [Ludivine]: HP Utility Center.lnk . (.Hewlett-Packard Development Company, L.P. - HP Utility Center.) -- C:\HP\Data\HPUC\HPPU.exe

O4 - GS\TaskBar [Ludivine]: HPConnectedRemoteMgmtUI.lnk . (.Hewlett-Packard - HPConnectedRemoteMgmtUI.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteMgmtUI.exe

O4 - GS\Program [Ludivine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Desktop [Ludivine]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe (.not file.) =>Toolbar.DeltaSearch

~ Global Startup: 48 Legitimates Filtered in 00mn 02s

---\\ Applications lancées au démarrage du sytème (O4)

O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe

O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc

O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe

O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{18152E89-A951-4FEB-BD60-4BAC587EA4E2}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{718CA6B7-2829-49E5-B71D-65B226634135}: DhcpNameServer = 40.20.1.201 40.20.1.203 40.20.1.202

O17 - HKLM\System\CS1\Services\Tcpip\..\{18152E89-A951-4FEB-BD60-4BAC587EA4E2}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{718CA6B7-2829-49E5-B71D-65B226634135}: DhcpNameServer = 40.20.1.201 40.20.1.203 40.20.1.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\movies~1\safety~1\x64\safety~2.dll (.not file.)

~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask

O23 - Service: Update Kozaka (Update Kozaka) . (...) - C:\Program Files (x86)\Kozaka\updateKozaka.exe (.not file.) =>PUP.Kozaka

O23 - Service: Util Kozaka (Util Kozaka) . (...) - C:\Program Files (x86)\Kozaka\bin\utilKozaka.exe (.not file.) =>PUP.Kozaka

~ Services: 17 Legitimates Filtered in 00mn 07s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]

[MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{3824553D-DC75-4940-B8B2-F25C24C48588}] (...) -- C:\Program Files (x86)\ElectroLyrics-15\Uninstall.exe (.not file.) [0] =>Adware.AddLyrics

~ Scheduled Task: 21 Legitimates Filtered in 00mn 08s

---\\ Logiciels installés (O42)

O42 - Logiciel: Handy Updater - (...) [HKLM][64Bits] -- HandyUpdater

O42 - Logiciel: Slick Savings - (.Spigot, Inc..) [HKLM][64Bits] -- {3A787631-66A2-4634-B928-A37E73B58FB6} =>PUP.Dealio

~ Logic: 28 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AskPartnerNetwork]

[HKCU\Software\Kozaka] =>PUP.Kozaka

[HKLM\Software\AskPartnerNetwork]

[HKLM\Software\Wow6432Node\ADSRemoval]

[HKLM\Software\Wow6432Node\AskPartnerNetwork]

[HKLM\Software\Wow6432Node\Kozaka] =>PUP.Kozaka

~ Key Software: 244 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 16/12/2013 - 19:09:23 - [13,032] ----D C:\Program Files (x86)\AskPartnerNetwork

O43 - CFD: 12/10/2013 - 14:55:47 - [0,412] ----D C:\Program Files (x86)\HandyUpdater

O43 - CFD: 16/12/2013 - 19:09:23 - [2,358] ----D C:\ProgramData\AskPartnerNetwork

O43 - CFD: 15/12/2013 - 19:50:27 - [0] ----D C:\ProgramData\ProductData

O43 - CFD: 15/12/2013 - 19:36:12 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

~ Program Folder: 139 Legitimates Filtered in 00mn 34s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/01/2014 - 11:08:26 ---A- . (...) -- C:\asc_rdflag [0]

O44 - LFC:[MD5.F6B1931533278D6FCCA6E45009CB2A1F] - 09/01/2014 - 18:21:15 ---A- . (...) -- C:\DelFix.txt [275]

~ Files: 11 Legitimates Filtered in 01mn 21s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{92cdaedf-2606-11e3-be7a-d4c9ef66064c}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)

O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows ® Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]

O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]

O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]

O58 - SDL:[MD5.05B2F42D53A8A089453A2B9D2406034F] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]

O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]

O58 - SDL:[MD5.32BE0B7CCA47A5BE30E7E43DC54B54F3] - 20/08/2012 - 06:45:20 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [542208]

~ Drivers: 19 Legitimates Filtered in 00mn 02s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 06/01/2014 - 19:24:17 ---A- . (...) -- C:\Users\Ludivine\Downloads\Acquisitions selon les groupes d'age.pdf [288247]

O61 - LFC: 07/01/2014 - 19:23:30 ---A- . (...) -- C:\Users\Ludivine\Documents\anglais.docx [15305]

O61 - LFC: 09/01/2014 - 19:22:46 ---A- . (...) -- C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266232]

O61 - LFC: 09/01/2014 - 19:22:53 ---A- . (...) -- C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Local State [52245]

O61 - LFC: 09/01/2014 - 19:23:30 ---A- . (...) -- C:\Users\Ludivine\AppData\Roaming\ZHP\Log.txt [17634] =>.Nicolas Coolman

O61 - LFC: 09/01/2014 - 19:23:30 ---A- . (...) -- C:\Users\Ludivine\AppData\Roaming\ZHP\TestsZHPDiag.txt [2903] =>.Nicolas Coolman

O61 - LFC: 09/01/2014 - 19:24:17 ---A- . (...) -- C:\Users\Ludivine\Downloads\adwcleaner.exe [1233962]

O61 - LFC: 09/01/2014 - 19:24:27 ---A- . (...) -- C:\Users\Ludivine\SkyDrive\Documents\JRT.txt [12800]

~ 26 Fichiers temporaires (Temporary files)

~ Files: 483 Legitimates Filtered in 01mn 40s

---\\ Liste des outils de désinfection (LATC) (O63)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {291F4A4B-FA59-4920-B657-79AF35D028E2} [DefaultScope] - (Yahoo) - http://fr.search.yahoo.com

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)

[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [sPRF][23/12/2013] (...) -- C:\Users\Ludivine\AppData\Local\Temp\Quarantine.exe [360051]

[MD5.B6B1F4876E678F1187EF6FBF0AB8BD16] [sPRF][05/01/2014] (...) -- C:\Users\Ludivine\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter

~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)

O87 - FAEL: "{CFB0928F-59E4-460E-B03C-B69DB82E5FA6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{42D88F0F-952F-49E6-83FA-81B72839BE77}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{A04BCB91-8FA1-4710-80EE-E267DEF5904A}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{7017A43A-D31C-4EE7-AFF4-7092CAD3E68F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{741B7FB7-E2AF-45E3-B937-E1004C002505}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

O87 - FAEL: "{FBAC63E3-C795-466C-BB8E-FA455EAD810E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

~ Firewall: 240 Legitimates Filtered in 00mn 02s

---\\ Enumère les codes produits des logiciels (PUC) (O90)

O90 - PUC: "25946514D2147365007A7A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira

~ Update Products: 108 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)

[MD5.EACFF4CBE1EC3A8212663F0FF397034F] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\5764fe9.msi [813568] =>Toolbar.Avira

~ WIS: 108 Legitimates Filtered in 00mn 09s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

SS - | Auto 22/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 22/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Auto 10/07/1658 0 | (Update Kozaka) . (...) - C:\Program Files (x86)\Kozaka\updateKozaka.exe =>PUP.Kozaka

SS - | Auto 10/07/1658 0 | (Util Kozaka) . (...) - C:\Program Files (x86)\Kozaka\bin\utilKozaka.exe =>PUP.Kozaka

SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 26/09/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 12/09/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 19/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

SR - | Auto 20/12/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask

SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co

SR - | Auto 12/10/2012 35744 | (HPConnectedRemote) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

SR - | Demand 07/06/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe

SR - | Auto 07/09/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

SR - | Auto 14/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

SR - | Auto 20/08/2012 323072 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe

SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)

Run by Ludivine at 09/01/2014 19:27:02

~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Ludivine at 09/01/2014 19:27:04

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)

Database Version : 13018 - (02/01/2014)

Clés trouvées (Keys found) : 20

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 7

Fichiers trouvés (Files found) : 4

[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio^

[HKLM\Software\Google\Chrome\Extensions\jmcmfkmnidkjnppglklanhlknckkdbje] =>Adware.AddLyrics^

[HKLM\Software\Google\Chrome\Extensions\mciekghplkkgcmofonmkmlomhkamochd] =>PUP.Kozaka^

[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio^

[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio^

[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^

[HKLM\SYSTEM\CurrentControlSet\Services\Update Kozaka] =>PUP.Kozaka^

[HKLM\SYSTEM\CurrentControlSet\Services\Util Kozaka] =>PUP.Kozaka^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}] =>PUP.Dealio^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma

[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask

[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask

[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask

[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411381182}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411591118}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422382282}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422592218}] =>PUP.CrossRider

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411381182}] =>PUP.CrossRider

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591118}] =>PUP.CrossRider

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio^

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcmfkmnidkjnppglklanhlknckkdbje =>Adware.AddLyrics^

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciekghplkkgcmofonmkmlomhkamochd =>PUP.Kozaka^

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio^

C:\Users\Ludivine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio^

C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask

C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask

[HKCU\Software\Kozaka] =>PUP.Kozaka^

[HKLM\Software\Wow6432Node\Kozaka] =>PUP.Kozaka^

C:\Users\Ludivine\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^

C:\Windows\Installer\5764fe9.msi =>Toolbar.Avira^

~ Additionnel Scan: 258176 Items scanned in 00mn 40s

---\\ Récapitulatif des détections trouvées sur votre station

~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio

~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics

~ http://nicolascoolman.webs.com/apps/blog/show/35479345-pup-kozaka =>PUP.Kozaka

~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch

~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter

~ http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles

~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma

~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider

~ MSI: 9 link(s) detected in 00mn 40s

~ 1422 Legitimates filtered by white list

End of the scan (518 lines in 08mn 07s)(0)

Tout les rapports sont fait !

 

Merci de me dire qu'es que je fait mtn ?