[Résolu] Changement antivirus et fenêtres pub intempestives

[zurlinden]

bizarre car AVIRA était bien sur ton pc.

 

AVG est bien aussi.

 

Si tu penses après cela que tout va bien de ton coté.

 

* Télécharge << DelFix >>(d'Xplode) sur ton bureau.

* Lance le, puis coche les cases suivantes :

 

 

 

 

Supprimer les outils de désinfection

 

 

 

 

 

* Clique ensuite sur Exécuter puis patiente pendant le processus de suppression.

 

Puis valide ton post en résolu.

http://forum.zebulon.fr/comment-afficher-son-sujet-comme-resolu-t180253.html

 

Bonne soirée

 

bonjour

hier j'ai voulu désinstaller avira car ttes les mises à jour échouaient ;o(

qd j'ai voulu le télécharger à nouveau depuis 01.net, j'ai eu la mention "avira n'est pas compatible avec windows 8; (alors que la première fois que je l'ai téléchargé, il n y avait pas eu de problème)

je me suis donc rabattu sur AVG? (toujours téléchargé depuis 01.net)

et depuis, problèmes en cascades:

absences des petites fenêtres où je dois taper mon mot de passe sur les sites de jeux où je jouais avant sans problème( king.com par exemple) et fenêtres de pub intempestives et ordi lent (

 

j'avais déjà eu un problème de ce genre il y a qq mois et vous m'aviez bien aidé.

que puis je faire SVP??

merci d'avance pour votre aide

[bernard53]

Bonjour

Surtout ne pas télécharger sur 01net .

 

Fait ceci s.t.p.

 

Télécharge AdwCleaner d'Xplode sur ton bureau.

 

Ensuite :

Valide le mode Scanner

 

 

Puis : valide Rapport et si des intrusions sont détectées valide alors le mode Nettoyer

 

Possibilité après ce lancement d’une demande de redémarrage pour valider toutes les suppressions.

 

- Au redémarrage, un rapport s'ouvrira. Postes le sur le forum.

 

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[s1].txt

Mets les rapports ici car ils prennent bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

 

Ensuite :

Télécharge Junkware Removal Tool sur le bureau: lien ici

( patientez quelques instants, ensuite clic sur " Enregistrer" à l'apparition du fichier à télécharger JRT.exe )

Une fois le téléchargement terminé,

 

Sous XP, double-clique sur l'icône de JRT.exe pour démarrer l'outil.

Sous Vista/Seven/et Windows 8, clic droit sur le fichier téléchargé( JRT.exe ) et choisir "exécuter en tant qu'administrateur".

 

Une fenêtre va s'ouvrir, appuie sur une touche pour continuer...

 

 

Afin de ne pas fausser les rapports, ne passer l'outil qu'une seule fois svp!

Si l'antivirus fait des siennes :arrow: désactive-le provisoirement. Si tu ne sais pas comment faire, reporte-toi à cet article.

 

Ensuite, patiente le temps du scan de l'outil, il va faire une sauvegarde du "registre" pour commencer et ensuite scanner différents modules de ton PC.

NB: Le bureau disparaitra quelques instants, c’est normal.

 

 

Une fois tout ton PC examiné tu auras cette fenêtre:

 

 

Poste le rapport généré à la fin de l'analyse.

 

Pour rappel:

Fais un ctrl + a, à l'intérieur de la fenêtre de ton bloc note (présent sur le bureau) puis un ctrl +c, pour copier ton rapport dans ta réponse sur le forum. ( ctrl+v )

 

Mets les rapports ici car ils prennent bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

 

 

Ensuite :

Télécharges http://nicolascoolman.webs.com/'> ZHPDIAG (de Nicolas Coolman) sur ton bureau...
Doubles-clique sur l'icône ZHPDiag .exe pour l’installation.

L'installation va créer 2 raccourcis (ZHPDiag et ZHPFix ) sur ton bureau

 

Double-clique ensuite sur l’icône ZHPDiag pour le lancer l’analyse puis :

 

A la fin du scan le rapport est sauvegardé directement sur ton bureau. ZHPDiag.txt

Mets le rapport ici car il prend bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

[zurlinden]

merci pour les infos: je m'attaque à cela dés demain matin:

bonne soirée et encore merci;

je vous tiens au courant )

[bernard53]

ok ca marche.

[zurlinden]

rapport junkware removal tools

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 8 x64

Ran by martial on 09/02/2014 at 10:25:48,06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Failed to stop: [service] Util RightSurf

Failed to stop: [service] Update RightSurf

Successfully stopped: [service] savesenselive

Failed to delete: [service] savesenselive

Successfully stopped: [service] savesenselivem

Failed to delete: [service] savesenselivem

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3778166341-1465188008-936229986-1001\Software\wajam

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\1c875dde39636004ca8cdaec335b4160

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

~~~ Files

Failed to delete: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job

Failed to delete: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\apn"

Failed to delete: [Folder] "C:\ProgramData\savesenselive"

Successfully deleted: [Folder] "C:\Users\martial\AppData\Roaming\savesense"

Successfully deleted: [Folder] "C:\Users\martial\appdata\local\savesense"

Successfully deleted: [Folder] "C:\Users\martial\appdata\local\savesenselive"

Successfully deleted: [Folder] "C:\Users\martial\appdata\local\software"

Failed to delete: [Folder] "C:\Program Files (x86)\RightSurf"

Failed to delete: [Folder] "C:\Program Files (x86)\savesenselive"

Failed to delete: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\martial\appdata\local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/02/2014 at 10:29:43,84

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rapport ZHP DIAG

~ Rapport de ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014)

~ Lancé par martial (09/02/2014 10:36:11)

~ Adresse du Site Web http://nicolascoolman.webs.com

~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/

~ Traduit par Nicolas Coolman

~ Etat de la version :

~ Liste blanche : Activée par le programme

~ Elévation des Privilèges : OK

~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet

MSIE: Internet Explorer v10.0.9200.16750

GCIE: Google Chrome v32.0.1700.107 (Defaut)

---\\ Informations sur les produits Windows

~ Langage: Français

Windows 8, 64-bit (Build 9200)

Windows Server License Manager Script : OK

~ ion : Windows® Operating System, OEM_DM channel

Windows ID Activation : OK

~ Windows Partial Key : 4RDHT

Windows License : OK

~ Windows Remaining Initializations Number : 999

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Logiciels de protection du système

AVG 2014 v14.0.3697

Windows Defender W8

---\\ Logiciels d'optimisation du système

CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système

~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8144 MB (74% free)

System Restore: Activé (Enable)

System drive C: has 399 GB (87%) free of 458 GB

---\\ Mode de connexion au système

~ Computer Name: PC-BALOU

~ User Name: martial

~ All Users Names: martial, HomeGroupUser$, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89

Logged in as Administrator

---\\ Variables d'environnement

~ System Unit : C:\

~ %AppZHP% : C:\Users\martial\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\martial\AppData\Roaming\

~ %Desktop% : C:\Users\martial\Desktop\

~ %Favorites% : C:\Users\martial\Favorites\

~ %LocalAppData% : C:\Users\martial\AppData\Local\

~ %StartMenu% : C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques

C: Hard drive, Flash drive, Thumb drive (Free 399 Go of 458 Go)

D: Hard drive, Flash drive, Thumb drive (Free 457 Go of 458 Go)

E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]

[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]

[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]

[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]

[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]

[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]

[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]

[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]

[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]

[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]

[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]

[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]

[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]

[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]

[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]

[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]

[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]

[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]

[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]

[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]

[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/5

~ Mes Favoris (My Favorites) : 1/7

~ Mes Documents (My Documents) : 1/7

~ Mon Bureau (My Desktop) : 2/23

~ Menu demarrer (Programs) : 1/38

~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés

[MD5.85BCCCE4A932C1EFB08EA84444031491] - (...) -- C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe [92672] [PID.3336] =>PUP.ViewPassword

[MD5.280B64F6BFCEDE6D67D261EB808AA617] - (.Acer Incorporated - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [524944] [PID.4464]

[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.2108]

[MD5.BEFFB2D021E7FA9E92249F3997930A68] - (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe [522144] [PID.4392]

[MD5.C850CA110CB798851BFD47F60E8B4B2D] - (.OpenOffice.org - OpenOffice.org Writer.) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe [103936] [PID.4372]

[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4400]

[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4416]

[MD5.1DEE34C2698609FCA287D794BA29CE02] - (.Tlapia - sysTPL.) -- C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440] [PID.4192]

[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.1164]

[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.1076]

[MD5.0CED501E811F5C4745415FCC000CE043] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.5232]

[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.1196]

[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.2572]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] http://search.conduit.com

G2 - GCE: Preference [user Data\Default] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.2.0.9 (Activé) =>Adware.PricePeep

G2 - GCE: Preference [user Data\Default] [nikdaiaidiiiogaidkkekcmokcgcdeac] Discount Dragon v.1.0, (Activé) =>PUP.DiscountDragon

G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.6 (Activé) =>Spyware.SmartDisplay

~ Google Browser: 17 Legitimates Filtered in 00mn 06s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches

~ IE Browser: 17 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877 =>Hijacker.Proxy

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac =>PUP.DiscountDragon

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: RightSurf [64Bits] - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} . (.RightSurf - RightSurf.) -- C:\Program Files (x86)\RightSurf\RightSurfbho.dll =>PUP.RightSurf

O2 - BHO: Discount Dragon BHO [64Bits] - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propriétaire - FrameworkBHO.) -- C:\Program Files (x86)\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon

~ BHO: 4 Legitimates Filtered in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\Desktop [Public]: 3D Vision Photo Viewer.lnk . (.NVIDIA Corporation - NVIDIA 3D Vision Photo Viewer.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe

O4 - GS\Desktop [Public]: Acer Remote.lnk . (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe

O4 - GS\Desktop [Public]: Advanced Disk Recovery.lnk . (.Systweak Software, (www.systweak.com) - Advanced Disk Recovery - UAC Launcher.) -- C:\Program Files (x86)\Advanced Disk Recovery\HighestAvailable.exe

O4 - GS\Desktop [Public]: Casino Classic.lnk . (.Microgaming Systems - Game Launcher.) -- C:\Microgaming\Casino\casinoclassic\casinogame.exe

O4 - GS\Desktop [Public]: Demo Acer Remote.lnk . (...) -- C:\Program Files (x86)\Acer Remote Demo\Acer Remote_demo.mp4

O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe

O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline

O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline

O4 - GS\QuickLaunch [martial]: Advanced Disk Recovery.lnk . (.Systweak Software, (www.systweak.com) - Advanced Disk Recovery - UAC Launcher.) -- C:\Program Files (x86)\Advanced Disk Recovery\HighestAvailable.exe

O4 - GS\QuickLaunch [martial]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch [martial]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [martial]: Acer Docs.lnk . (...) -- C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe

O4 - GS\TaskBar [martial]: Acer Media.lnk . (.Acer Incorporated - Acer Media.) -- C:\Program Files (x86)\Acer\clear.fi Media\ClearfiMedia.exe

O4 - GS\TaskBar [martial]: Acer Photo.lnk . (.Acer Incorporated - Acer Photo.) -- C:\Program Files (x86)\Acer\clear.fi Photo\ClearfiPhoto.exe

O4 - GS\TaskBar [martial]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar [martial]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [martial]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Program [martial]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Desktop [martial]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop [martial]: Ludi.lnk - Clé orpheline

O4 - GS\Desktop [martial]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe

~ Global Startup: 54 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)

O4 - GS\Startup [Public]: Acer Remote.lnk . (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe

O4 - GS\Startup [martial]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - GS\Startup [martial]: PricePeepUpdater.lnk . (...) -- C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (.not file.) =>Adware.PricePeep

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.exe =>.Epson Seiko Corporation

O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

O4 - HKLM\..\Wow6432Node\Run: [sysTPL] . (.Tlapia - sysTPL.) -- C:\Program Files (x86)\sysTPL\sysTPL.exe

O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe

O4 - HKLM\..\Wow6432Node\RunOnce: [Discount Dragon-repairJob] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>PUP.DiscountDragon

O4 - HKUS\S-1-5-21-3778166341-1465188008-936229986-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.exe =>.Epson Seiko Corporation

O4 - HKUS\S-1-5-21-3778166341-1465188008-936229986-1001\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense - SaveSenseLive Update.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

O23 - Service: Update RightSurf (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf

O23 - Service: Util RightSurf (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf

O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password\ViewPassword152.exe =>PUP.ViewPassword

O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (.not file.) =>PUP.Wajam

~ Services: 24 Legitimates Filtered in 00mn 03s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-S-1-5-21-3778166341-1465188008-936229986-1001.job [366] =>PUP.GiganticSavings

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [366] =>PUP.GiganticSavings

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSense.job [318] =>Hijacker.iHaveNet

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [948] =>PUP.SaveSense

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [952] =>PUP.SaveSense

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [426]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [420]

[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-S-1-5-21-3778166341-1465188008-936229986-1001] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings

[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings

[MD5.00000000000000000000000000000000] [APT] [saveSense] (...) -- C:\Users\martial\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense

[MD5.C495D8665A32539660625182D23D5C59] [APT] [saveSenseLiveUpdateTaskMachineCore] (.SaveSense.) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense

[MD5.C495D8665A32539660625182D23D5C59] [APT] [saveSenseLiveUpdateTaskMachineUA] (.SaveSense.) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense

[MD5.4D6ECC299B8D1E62FB993111F32E53A8] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password\View-Password.exe [245248]

[MD5.85BCCCE4A932C1EFB08EA84444031491] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe [92672] =>PUP.ViewPassword

[MD5.00000000000000000000000000000000] [APT] [{7D9DB445-CDF2-402D-8C76-408B14284FAD}] (...) -- C:\Users\martial\Desktop\avira_free_antivirus_fr.exe (.not file.) [0]

~ Scheduled Task: 30 Legitimates Filtered in 00mn 03s

---\\ Logiciels installés (O42)

O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore

O42 - Logiciel: Casino Classic - (...) [HKLM][64Bits] -- casinoclassic

O42 - Logiciel: Discount Dragon - (.Smart Apps.) [HKLM][64Bits] -- 38900_Discount Dragon =>PUP.DiscountDragon

O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr

O42 - Logiciel: RightSurf - (.RightSurf.) [HKLM][64Bits] -- RightSurf =>PUP.RightSurf

O42 - Logiciel: SaveSense - (.SaveSense.) [HKCU][64Bits] -- SaveSense =>PUP.SaveSense

O42 - Logiciel: View Password - (.View Password.) [HKLM][64Bits] -- 76c4cae9-491a-4726-b03c-2402f21abf4a

~ Logic: 35 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Ecommfactory]

[HKCU\Software\MGS]

[HKCU\Software\RightSurf] =>PUP.RightSurf

[HKCU\Software\SaveSenseLive] =>PUP.SaveSense

[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon

[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf

[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense

~ Key Software: 251 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 21/12/2013 - 19:53:24 - [1,964] ----D C:\Program Files (x86)\AskPartnerNetwork

O43 - CFD: 07/02/2014 - 20:29:22 - [1,038] ----D C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon

O43 - CFD: 06/02/2014 - 21:44:24 - [119,341] ----D C:\Program Files (x86)\PokerStars.FR

O43 - CFD: 07/02/2014 - 20:38:02 - [2,728] ----D C:\Program Files (x86)\RightSurf =>PUP.RightSurf

O43 - CFD: 07/02/2014 - 19:50:02 - [3,431] ----D C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 19:53:01 - [0,667] ----D C:\Program Files (x86)\View-Password

O43 - CFD: 21/12/2013 - 19:53:16 - [0] ----D C:\ProgramData\APN

O43 - CFD: 18/10/2013 - 17:03:20 - [-890,689] ----D C:\ProgramData\MGS

O43 - CFD: 05/10/2013 - 08:15:08 - [0] ----D C:\ProgramData\OEM_YAHOO

O43 - CFD: 07/02/2014 - 19:50:01 - [0] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 20:29:23 - [1,083] ----D C:\Users\martial\AppData\Local\Discount Dragon =>PUP.DiscountDragon

O43 - CFD: 09/10/2013 - 19:51:04 - [35,079] ----D C:\Users\martial\AppData\Local\Doc

O43 - CFD: 08/02/2014 - 20:40:54 - [3,975] ----D C:\Users\martial\AppData\Local\PokerStars.FR

O43 - CFD: 05/10/2013 - 20:23:04 - [0,003] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR

O43 - CFD: 07/02/2014 - 19:49:50 - [0,001] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 19:53:15 - [0,002] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop

~ Program Folder: 148 Legitimates Filtered in 00mn 03s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.06BFB1C90F001458F8D39C1879076597] - 09/02/2014 - 10:20:25 ---A- . (...) -- C:\Windows\win.ini [618]

~ Files: 12 Legitimates Filtered in 00mn 26s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{d76a96c1-3c02-11e3-be78-7427ea4db901}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

~ MWPS: 20 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)

O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]

~ Drivers: 20 Legitimates Filtered in 00mn 01s

---\\ Liste des outils de désinfection (LATC) (O63)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)

O90 - PUC: "2A8EBFD6FBDCE3543BC4232F20CFEEC4" . (.Software Updater.) -- C:\Windows\Installer\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}\icon.ico

O90 - PUC: "33B1C8585D3C77347BB7E1F233C8F766" . (..) -- C:\Windows\Installer\{858C1B33-C3D5-4377-B77B-1E2F338C7F66}\ARPPRODUCTICON.exe

O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore

~ Update Products: 44 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)

[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][21/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1151bb.msi [24993792]

[MD5.FD27033962C87183E39F38DB982AB9A3] [WIS][07/02/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\60aa9.msi [1896448] =>Adware.Boxore

~ WIS: 46 Legitimates Filtered in 00mn 04s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Disabled 09/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

SS - | Auto 06/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 06/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Auto 07/02/2014 146920 | (savesenselive) . (.SaveSense.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

SS - | Demand 07/02/2014 146920 | (savesenselivem) . (.SaveSense.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Auto 10/07/1658 0 | (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam

SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 09/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 09/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 24/09/2013 1358944 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

SR - | Auto 10/07/2013 2650696 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

SR - | Demand 18/01/2013 660040 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

SR - | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe

SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

SR - | Auto 20/04/2012 635104 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 05/06/2012 190824 | (Intel® PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe

SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

SR - | Auto 30/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 30/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 29/01/2014 399640 | (sysTPLMonitor.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe

SR - | Auto 29/01/2014 400664 | (sysTPLService.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLService.exe

SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

SR - | Auto 07/02/2014 80160 | (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf

SR - | Auto 07/02/2014 80160 | (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf

SR - | Auto 07/02/2014 178176 | (ViewPassword) . (...) - C:\Program Files (x86)\View-Password\ViewPassword152.exe =>PUP.ViewPassword

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 05s

---\\ Scan Additionnel (O88)

Database Version : 13030 - (06/02/2014)

Clés trouvées (Keys found) : 19

Valeurs trouvées (Values found) : 3

Dossiers trouvés (Folders found) : 11

Fichiers trouvés (Files found) : 25

[HKLM\Software\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^

[HKLM\Software\Google\Chrome\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac] =>PUP.DiscountDragon^

[HKLM\Software\Google\Chrome\Extensions\pbpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}] =>PUP.RightSurf^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}] =>PUP.DiscountDragon^

[HKLM\SYSTEM\CurrentControlSet\Services\savesenselive) (savesenselive] =>PUP.SaveSense^

[HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf] =>PUP.RightSurf^

[HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf] =>PUP.RightSurf^

[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^

[HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3] =>PUP.Wajam^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\38900_Discount Dragon] =>PUP.DiscountDragon^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf] =>PUP.RightSurf^

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense] =>PUP.SaveSense^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Discount Dragon-repairJob =>PUP.DiscountDragon^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac =>PUP.DiscountDragon^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^

C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon^

C:\Program Files (x86)\RightSurf =>PUP.RightSurf^

C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense^

C:\ProgramData\SaveSenseLive =>PUP.SaveSense^

C:\Users\martial\AppData\Local\Discount Dragon =>PUP.DiscountDragon^

C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense^

C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^

C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask

C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe =>PUP.ViewPassword^

C:\Windows\Tasks\bench-S-1-5-21-3778166341-1465188008-936229986-1001.job =>PUP.GiganticSavings^

C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^

C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^

C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job =>PUP.SaveSense^

C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job =>PUP.SaveSense^

C:\Program Files (x86)\Bench\Updater\updater.exe =>PUP.GiganticSavings^

C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense^

[HKCU\Software\RightSurf] =>PUP.RightSurf^

[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^

[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon^

[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf^

[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense^

C:\Windows\Installer\60aa9.msi =>Adware.Boxore^

C:\Users\martial\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore

C:\Users\martial\AppData\Local\Temp\nspCD20.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nspE638.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nsuCB6A.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nszE4A1.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\Umbrella.exe173a2a =>Adware.IMBooster

~ Additionnel Scan: 184974 Items scanned in 00mn 12s

---\\ Récapitulatif des détections trouvées sur votre station

~ http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword

~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay

~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches

~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy

~ http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf =>PUP.RightSurf

~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9

~ http://nicolascoolman.webs.com/apps/blog/show/36853930-pup-savesense =>PUP.SaveSense

~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam

~ http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings

~ http://nicolascoolman.webs.com/apps/blog/show/33336602-hijacker-ihavenet =>Hijacker.iHavenet

~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore

~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop

~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd

~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster

~ MSI: 16 link(s) detected in 00mn 12s

~ 897 Legitimates filtered by white list

End of the scan (520 lines in 01mn 11s)(0)

[zurlinden]

JE N AVAIS PAS FAIT COMME IL FALLAIT car jAVAIS FAIT RECHERCHER SANS AVOIR FAIT CONFIGURER:o( DONC J'AI REFAIT CORRECTEMENT ET çA DONNE çA MAINTENANT

~ Rapport de ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014)

~ Lancé par martial (09/02/2014 10:41:27)

~ Adresse du Site Web http://nicolascoolman.webs.com

~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/

~ Traduit par Nicolas Coolman

~ Etat de la version :

~ Liste blanche : Activée par le programme

~ Elévation des Privilèges : OK

~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet

MSIE: Internet Explorer v10.0.9200.16750

GCIE: Google Chrome v32.0.1700.107 (Defaut)

---\\ Informations sur les produits Windows

~ Langage: Français

Windows 8, 64-bit (Build 9200)

Windows Server License Manager Script : OK

~ ion : Windows® Operating System, OEM_DM channel

Windows ID Activation : OK

~ Windows Partial Key : 4RDHT

Windows License : OK

~ Windows Remaining Initializations Number : 999

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Logiciels de protection du système

AVG 2014 v14.0.3697

Windows Defender W8

---\\ Logiciels d'optimisation du système

CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système

~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8144 MB (72% free)

System Restore: Activé (Enable)

System drive C: has 399 GB (87%) free of 458 GB

---\\ Mode de connexion au système

~ Computer Name: PC-BALOU

~ User Name: martial

~ All Users Names: martial, HomeGroupUser$, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89

Logged in as Administrator

---\\ Variables d'environnement

~ System Unit : C:\

~ %AppZHP% : C:\Users\martial\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\martial\AppData\Roaming\

~ %Desktop% : C:\Users\martial\Desktop\

~ %Favorites% : C:\Users\martial\Favorites\

~ %LocalAppData% : C:\Users\martial\AppData\Local\

~ %StartMenu% : C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques

C: Hard drive, Flash drive, Thumb drive (Free 399 Go of 458 Go)

D: Hard drive, Flash drive, Thumb drive (Free 457 Go of 458 Go)

E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]

[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]

[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]

[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]

[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]

[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]

[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]

[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]

[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]

[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]

[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]

[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]

[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]

[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]

[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]

[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]

[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]

[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]

[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]

[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]

[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/5

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/14

~ Mes Documents (My Documents) : 1/15

~ Mon Bureau (My Desktop) : 2/46

~ Menu demarrer (Programs) : 1/76

~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés

[MD5.85BCCCE4A932C1EFB08EA84444031491] - (...) -- C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe [92672] [PID.3336] =>PUP.ViewPassword

[MD5.280B64F6BFCEDE6D67D261EB808AA617] - (.Acer Incorporated - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [524944] [PID.4464]

[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.2108]

[MD5.BEFFB2D021E7FA9E92249F3997930A68] - (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe [522144] [PID.4392]

[MD5.C850CA110CB798851BFD47F60E8B4B2D] - (.OpenOffice.org - OpenOffice.org Writer.) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe [103936] [PID.4372]

[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4400]

[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4416]

[MD5.1DEE34C2698609FCA287D794BA29CE02] - (.Tlapia - sysTPL.) -- C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440] [PID.4192]

[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.1164]

[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.1076]

[MD5.0CED501E811F5C4745415FCC000CE043] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.5232]

[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.1196]

[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.2572]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] http://search.conduit.com

G2 - GCE: Preference [user Data\Default] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.2.0.9 (Activé) =>Adware.PricePeep

G2 - GCE: Preference [user Data\Default] [nikdaiaidiiiogaidkkekcmokcgcdeac] Discount Dragon v.1.0, (Activé) =>PUP.DiscountDragon

G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.6 (Activé) =>Spyware.SmartDisplay

~ Google Browser: 33 Legitimates Filtered in 00mn 06s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com =>PUP.DoSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches

~ IE Browser: 17 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877 =>Hijacker.Proxy

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac =>PUP.DiscountDragon

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: RightSurf [64Bits] - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} . (.RightSurf - RightSurf.) -- C:\Program Files (x86)\RightSurf\RightSurfbho.dll =>PUP.RightSurf

O2 - BHO: Discount Dragon BHO [64Bits] - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propriétaire - FrameworkBHO.) -- C:\Program Files (x86)\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon

~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\Desktop [Public]: 3D Vision Photo Viewer.lnk . (.NVIDIA Corporation - NVIDIA 3D Vision Photo Viewer.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe

O4 - GS\Desktop [Public]: Acer Remote.lnk . (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe

O4 - GS\Desktop [Public]: Advanced Disk Recovery.lnk . (.Systweak Software, (www.systweak.com) - Advanced Disk Recovery - UAC Launcher.) -- C:\Program Files (x86)\Advanced Disk Recovery\HighestAvailable.exe

O4 - GS\Desktop [Public]: Casino Classic.lnk . (.Microgaming Systems - Game Launcher.) -- C:\Microgaming\Casino\casinoclassic\casinogame.exe

O4 - GS\Desktop [Public]: Demo Acer Remote.lnk . (...) -- C:\Program Files (x86)\Acer Remote Demo\Acer Remote_demo.mp4

O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe

O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline

O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline

O4 - GS\QuickLaunch [martial]: Advanced Disk Recovery.lnk . (.Systweak Software, (www.systweak.com) - Advanced Disk Recovery - UAC Launcher.) -- C:\Program Files (x86)\Advanced Disk Recovery\HighestAvailable.exe

O4 - GS\QuickLaunch [martial]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch [martial]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [martial]: Acer Docs.lnk . (...) -- C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe

O4 - GS\TaskBar [martial]: Acer Media.lnk . (.Acer Incorporated - Acer Media.) -- C:\Program Files (x86)\Acer\clear.fi Media\ClearfiMedia.exe

O4 - GS\TaskBar [martial]: Acer Photo.lnk . (.Acer Incorporated - Acer Photo.) -- C:\Program Files (x86)\Acer\clear.fi Photo\ClearfiPhoto.exe

O4 - GS\TaskBar [martial]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar [martial]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [martial]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Program [martial]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Desktop [martial]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop [martial]: Ludi.lnk - Clé orpheline

O4 - GS\Desktop [martial]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe

~ Global Startup: 54 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)

O4 - GS\Startup [Public]: Acer Remote.lnk . (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe

O4 - GS\Startup [martial]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - GS\Startup [martial]: PricePeepUpdater.lnk . (...) -- C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (.not file.) =>Adware.PricePeep

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.exe =>.Epson Seiko Corporation

O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

O4 - HKLM\..\Wow6432Node\Run: [sysTPL] . (.Tlapia - sysTPL.) -- C:\Program Files (x86)\sysTPL\sysTPL.exe

O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe

O4 - HKLM\..\Wow6432Node\RunOnce: [Discount Dragon-repairJob] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>PUP.DiscountDragon

O4 - HKUS\S-1-5-21-3778166341-1465188008-936229986-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.exe =>.Epson Seiko Corporation

O4 - HKUS\S-1-5-21-3778166341-1465188008-936229986-1001\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAD6CDF-D505-4FFC-B3C8-31B02CB49FF0}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense - SaveSenseLive Update.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

O23 - Service: Update RightSurf (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf

O23 - Service: Util RightSurf (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf

O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password\ViewPassword152.exe =>PUP.ViewPassword

O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (.not file.) =>PUP.Wajam

~ Services: 24 Legitimates Filtered in 00mn 02s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-S-1-5-21-3778166341-1465188008-936229986-1001.job [366] =>PUP.GiganticSavings

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [366] =>PUP.GiganticSavings

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSense.job [318] =>Hijacker.iHaveNet

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [948] =>PUP.SaveSense

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [952] =>PUP.SaveSense

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [426]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [420]

[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-S-1-5-21-3778166341-1465188008-936229986-1001] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings

[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings

[MD5.00000000000000000000000000000000] [APT] [saveSense] (...) -- C:\Users\martial\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense

[MD5.C495D8665A32539660625182D23D5C59] [APT] [saveSenseLiveUpdateTaskMachineCore] (.SaveSense.) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense

[MD5.C495D8665A32539660625182D23D5C59] [APT] [saveSenseLiveUpdateTaskMachineUA] (.SaveSense.) -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense

[MD5.4D6ECC299B8D1E62FB993111F32E53A8] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password\View-Password.exe [245248]

[MD5.85BCCCE4A932C1EFB08EA84444031491] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe [92672] =>PUP.ViewPassword

[MD5.00000000000000000000000000000000] [APT] [{7D9DB445-CDF2-402D-8C76-408B14284FAD}] (...) -- C:\Users\martial\Desktop\avira_free_antivirus_fr.exe (.not file.) [0]

~ Scheduled Task: 60 Legitimates Filtered in 00mn 01s

---\\ Logiciels installés (O42)

O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore

O42 - Logiciel: Casino Classic - (...) [HKLM][64Bits] -- casinoclassic

O42 - Logiciel: Discount Dragon - (.Smart Apps.) [HKLM][64Bits] -- 38900_Discount Dragon =>PUP.DiscountDragon

O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr

O42 - Logiciel: RightSurf - (.RightSurf.) [HKLM][64Bits] -- RightSurf =>PUP.RightSurf

O42 - Logiciel: SaveSense - (.SaveSense.) [HKCU][64Bits] -- SaveSense =>PUP.SaveSense

O42 - Logiciel: View Password - (.View Password.) [HKLM][64Bits] -- 76c4cae9-491a-4726-b03c-2402f21abf4a

~ Logic: 35 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Ecommfactory]

[HKCU\Software\MGS]

[HKCU\Software\RightSurf] =>PUP.RightSurf

[HKCU\Software\SaveSenseLive] =>PUP.SaveSense

[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon

[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf

[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense

~ Key Software: 251 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 21/12/2013 - 19:53:24 - [1,964] ----D C:\Program Files (x86)\AskPartnerNetwork

O43 - CFD: 07/02/2014 - 20:29:22 - [1,038] ----D C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon

O43 - CFD: 06/02/2014 - 21:44:24 - [119,341] ----D C:\Program Files (x86)\PokerStars.FR

O43 - CFD: 07/02/2014 - 20:38:02 - [2,728] ----D C:\Program Files (x86)\RightSurf =>PUP.RightSurf

O43 - CFD: 07/02/2014 - 19:50:02 - [3,431] ----D C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 19:53:01 - [0,667] ----D C:\Program Files (x86)\View-Password

O43 - CFD: 21/12/2013 - 19:53:16 - [0] ----D C:\ProgramData\APN

O43 - CFD: 18/10/2013 - 17:03:20 - [-890,689] ----D C:\ProgramData\MGS

O43 - CFD: 05/10/2013 - 08:15:08 - [0] ----D C:\ProgramData\OEM_YAHOO

O43 - CFD: 07/02/2014 - 19:50:01 - [0] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 20:29:23 - [1,083] ----D C:\Users\martial\AppData\Local\Discount Dragon =>PUP.DiscountDragon

O43 - CFD: 09/10/2013 - 19:51:04 - [35,079] ----D C:\Users\martial\AppData\Local\Doc

O43 - CFD: 08/02/2014 - 20:40:54 - [3,975] ----D C:\Users\martial\AppData\Local\PokerStars.FR

O43 - CFD: 05/10/2013 - 20:23:04 - [0,003] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR

O43 - CFD: 07/02/2014 - 19:49:50 - [0,001] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense

O43 - CFD: 07/02/2014 - 19:53:15 - [0,002] ----D C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop

~ Program Folder: 148 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.06BFB1C90F001458F8D39C1879076597] - 09/02/2014 - 10:20:25 ---A- . (...) -- C:\Windows\win.ini [618]

~ Files: 12 Legitimates Filtered in 00mn 01s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{d76a96c1-3c02-11e3-be78-7427ea4db901}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

~ MWPS: 20 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)

O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]

~ Drivers: 20 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)

O90 - PUC: "2A8EBFD6FBDCE3543BC4232F20CFEEC4" . (.Software Updater.) -- C:\Windows\Installer\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}\icon.ico

O90 - PUC: "33B1C8585D3C77347BB7E1F233C8F766" . (..) -- C:\Windows\Installer\{858C1B33-C3D5-4377-B77B-1E2F338C7F66}\ARPPRODUCTICON.exe

O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore

~ Update Products: 44 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)

[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][21/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1151bb.msi [24993792]

[MD5.FD27033962C87183E39F38DB982AB9A3] [WIS][07/02/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\60aa9.msi [1896448] =>Adware.Boxore

~ WIS: 46 Legitimates Filtered in 00mn 01s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Disabled 09/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

SS - | Auto 06/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 06/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Auto 07/02/2014 146920 | (savesenselive) . (.SaveSense.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

SS - | Demand 07/02/2014 146920 | (savesenselivem) . (.SaveSense.) - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Auto 10/07/1658 0 | (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam

SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 09/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 09/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 24/09/2013 1358944 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

SR - | Auto 10/07/2013 2650696 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

SR - | Demand 18/01/2013 660040 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

SR - | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe

SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

SR - | Auto 20/04/2012 635104 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 05/06/2012 190824 | (Intel® PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe

SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

SR - | Auto 30/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 30/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 29/01/2014 399640 | (sysTPLMonitor.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe

SR - | Auto 29/01/2014 400664 | (sysTPLService.exe) . (.Tlapia.) - C:\Program Files (x86)\sysTPL\sysTPLService.exe

SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

SR - | Auto 07/02/2014 80160 | (Update RightSurf) . (...) - C:\Program Files (x86)\RightSurf\updateRightSurf.exe =>PUP.RightSurf

SR - | Auto 07/02/2014 80160 | (Util RightSurf) . (...) - C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe =>PUP.RightSurf

SR - | Auto 07/02/2014 178176 | (ViewPassword) . (...) - C:\Program Files (x86)\View-Password\ViewPassword152.exe =>PUP.ViewPassword

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 01s

---\\ Scan Additionnel (O88)

Database Version : 13030 - (06/02/2014)

Clés trouvées (Keys found) : 19

Valeurs trouvées (Values found) : 3

Dossiers trouvés (Folders found) : 11

Fichiers trouvés (Files found) : 25

[HKLM\Software\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^

[HKLM\Software\Google\Chrome\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac] =>PUP.DiscountDragon^

[HKLM\Software\Google\Chrome\Extensions\pbpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}] =>PUP.RightSurf^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}] =>PUP.DiscountDragon^

[HKLM\SYSTEM\CurrentControlSet\Services\savesenselive) (savesenselive] =>PUP.SaveSense^

[HKLM\SYSTEM\CurrentControlSet\Services\Update RightSurf] =>PUP.RightSurf^

[HKLM\SYSTEM\CurrentControlSet\Services\Util RightSurf] =>PUP.RightSurf^

[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^

[HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3] =>PUP.Wajam^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\38900_Discount Dragon] =>PUP.DiscountDragon^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf] =>PUP.RightSurf^

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense] =>PUP.SaveSense^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Discount Dragon-repairJob =>PUP.DiscountDragon^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikdaiaidiiiogaidkkekcmokcgcdeac =>PUP.DiscountDragon^

C:\Users\martial\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^

C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon^

C:\Program Files (x86)\RightSurf =>PUP.RightSurf^

C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense^

C:\ProgramData\SaveSenseLive =>PUP.SaveSense^

C:\Users\martial\AppData\Local\Discount Dragon =>PUP.DiscountDragon^

C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense^

C:\Users\martial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^

C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask

C:\Program Files (x86)\View-Password\ViewPassword152_wd.exe =>PUP.ViewPassword^

C:\Windows\Tasks\bench-S-1-5-21-3778166341-1465188008-936229986-1001.job =>PUP.GiganticSavings^

C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^

C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^

C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job =>PUP.SaveSense^

C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job =>PUP.SaveSense^

C:\Program Files (x86)\Bench\Updater\updater.exe =>PUP.GiganticSavings^

C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense^

[HKCU\Software\RightSurf] =>PUP.RightSurf^

[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^

[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon^

[HKLM\Software\Wow6432Node\RightSurf] =>PUP.RightSurf^

[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense^

C:\Windows\Installer\60aa9.msi =>Adware.Boxore^

C:\Users\martial\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore

C:\Users\martial\AppData\Local\Temp\nspCD20.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nspE638.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nsuCB6A.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\nszE4A1.exe =>Toolbar.Conduit

C:\Users\martial\AppData\Local\Temp\Umbrella.exe173a2a =>Adware.IMBooster

~ Additionnel Scan: 184974 Items scanned in 00mn 11s

---\\ Récapitulatif des détections trouvées sur votre station

~ http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword

~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay

~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches

~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy

~ http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf =>PUP.RightSurf

~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9

~ http://nicolascoolman.webs.com/apps/blog/show/36853930-pup-savesense =>PUP.SaveSense

~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam

~ http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings

~ http://nicolascoolman.webs.com/apps/blog/show/33336602-hijacker-ihavenet =>Hijacker.iHavenet

~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore

~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop

~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd

~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster

~ MSI: 16 link(s) detected in 00mn 11s

~ 936 Legitimates filtered by white list

End of the scan (521 lines in 00mn 32s)(0)

[zurlinden]

voilà je pense avoir fait ce que vous m aviez demandé:

j'attends de connaître votre"verdict" ), et s'il y a d'autres manip à faire:

pour info, je suis sous windows 8, et mon antivirus est AVG car je n'ai pas pu remettre AVIRA dont j'étais satisfait

en ts les cas, merci encore à vous :

bon dimanche

[zurlinden]

encore moi:o)

pour une raison que j'ignore, je me retrouve avec 2 antivirus

AVG et AVIRA;

j'ai désinstallé AV, et conservé AVIRA, que je pensais avoir désisntallé avant d'avoir mes problèmes:

mais chaque fois que je tente une mise à jour d'AVIRA, j'ai une mention d'erreur, et un rapport que je poste ci dessous: que dois je faire, et si pas possible de mettre à jour AVIRA(cause windows8??), quel antivirus gratui me conseillez vous, et depuis quel site le télécharger).

pour info, depuis que j'ai fait ce que vous m avez indiqué, tt semble être rentré ds l'ordre s'agissant des fenêtres de pub:

encore merci les champions!!

[bernard53]

ok ceci car il y a encore du monde.

ATTENTION: bien mettre les rapports en ligne comme demandé s.v.p et bien sur donné le lien de consultations.

 

* Copie tout le texte présent que tu télécharges dans le lien ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C)

 

http://cjoint.com/?DBjlBomWwrq

 

 

Puis Lance ZHPFix depuis le raccourci du bureau.

Valides l’icône IMPORTER

 

 

puis valide GO dans cette fenêtre.

 

 

Une fois terminée, un nouveau rapport s'affiche : copie/colle le contenu de ce dernier dans ta prochaine réponse ...

A la fin du scan le rapport est sauvegardé directement sur ton bureau. ZHPFixReport.txt

Mets le rapport ici car il prend bien de la place.

http://cjoint.com/

ou.

http://www.1fichier.com/

 

Si à tout hasard tu ne peux pas te connecter au net après Zhpfix fait ceci.

- Désactivez le proxy ajouté par l'infection pour cela :

- Sur Firefox, Outils /Options puis onglet Avancés.
- Cliquez sur Réseau et Paramètres.
- Choisissez "Pas de Proxy".

- Sur Internet Explorer , c'est le menu Outils / Options Internet.
- Onglet Connexions puis Paramètres réseau--> désactiver le proxy.

 

Vérifier que la case "Détecter automatiquement les paramètres de connections" soit cochée.

Redémarrez l'ordinateur.

 

 

Ensuite:

Installe Malewarebytes' Antimalware,

 

http://malwarebytes.org/products/malwarebytes_free

 

Prends bien la version FREE << et ne pas valider l'essai de la version PRO >> lors de l’installation.

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final En choisissant l'onglet Rapports/Logs dans MalwaresBytes

[zurlinden]

j'ai fait ce que tu m'as dit, mais pour le rapport, il y a dû y avoir un probl car ça donne ça:o((

j'ai supprimé 147 infections si j'ai bonne mémoire!

 

dernière question;

si je veux désinstaller AVIRa, je ne le vois nulle part (

j'ai essayé avec REVO

UNINSTALLER, et CCLEANER, mais je ne le vois pas; pourtant il est tjrs là, car l'icone parapluie est tjrs là, et il me donne des alertes par moment (

que faire??

s'il faut, je refais une analyse avec MALWARE BYTES et je copie le rapport avant de réparer??

merci

 

 

 

 

 

 

ÿþM#a#l#w#a#r#e#b#y#t#e#s# #A#n#t#i#-#M#a#l#w#a#r#e# #(#E#s#s#a#i#)# #1#.#7#5#.#0#.#1#3#0#0#r#l#.#9# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#S#a#v#e#S#e#n#s#e#.#A#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#t#e#.#P#r#o#c#e#s#s#L#a#u#n#c#h#e#r#.#1#.#0# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#S#a#v#e#S#e#n#s#e#.#A#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#

 #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#e#r#\#1#.#7#.#0#.#0# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#A#d#w#a#r#e#P#l#u#g#i#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.# #s#u#c#c#è#s#.#x#e#.#v#i#r# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#C#o#n#d#u#i#t#.#A#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#e#k#c#m#o#k#c#g#c#d#e#a#c#\#1#.#0#_#0#\#b#a#c#k#g#r#o#u#n#d#.#h#t#m#l# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#D#i#s#c#o#u#n#t#D#r#a#g#o#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#p#A#P#I#_#b#g#.#j#s# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#D#i#s#c#o#u#n#t#D#r#a#g#o#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#f#a#u#l#t#\#E#x#t#e#n#s#i#o#n#s#\#n#i#k#d#a#i#a#i#d#i#i#i#o#g#a#i#d#k#k#e#k#c#m#o#k#c#g#c#d#e#a#c#\#1#.#0#_#0#\#f#r#a#m#e#w#o#r#k#\#i#n#i#t#i#a#l#i#z#e#.#j#s# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#D#i#s#c#o#u#n#t#D#r#a#g#o#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#D#i#s#c#o#u#n#t#D#r#a#g#o#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#a#t#a#\#D#e#f#a#u#l#t#\#E#x#t#e#n#s#i#o#n#s#\#n#i#k#d#a#i#a#i#d#i#i#i#o#g#a#i#d#k#k#e#k#c#m#o#k#c#g#c#d#e#a#c#\#1#.#0#_#0#\#f#r#a#m#e#w#o#r#k#-#u#i#\#r#e#m#o#t#e#_#p#o#p#u#p#_#h#o#s#t#.#j#s# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#D#i#s#c#o#u#n#t#D#r#a#g#o#n#)# #-#># #M#i#s# #e#n# #q#u#a#r#a#n#t#a#i#n#e# #e#t# #s#u#p#p#r#i#m#é# #a#v#e#c# #s#u#c#c#è#s#.#

2#0#1#4#/#0#2#/#0#9# #1#1#:#4#1#:#0#3# #+#0#1#0#0# #P#C#-#B#A#L#O#U# #m#a#r#t#i#a#l# #M#E#S#S#A#G#E# #S#t#a#r#t#i#n#g# #p#r#o#t#e#c#t#i#o#n#