[Résolu] Infection navigateurs (Bueno Search - WebSearch)

[artbroken]

Bonjour à tous,

 

MOn grand étant en panne d'affichage avec son portable (fera l'objet d'un autre post) s'est laissé tenté par un copie de msn (il n'y a que ces 3 lettres de comparables), un espèce de tchat mais en l'installant il a pourri la machine familiale qui me sert aussi pour le boulot.

Il a cherché après, cette machine est rarement içonfectée...

 

Je possède Mbam Pro 1.45.0.1300 ilm me trouve 75 infections que je nettoie mais cela est inefficace. Je n'ai pas installé Avira car lors d'une discussion on m'avait dit que les outils win7 étaient suffisant.... je repose la question, est ce vrai ??

 

Pourriez vous m'aider à désinfecter ma machine s'il vous plaît et me dire quels sont les outils qu'ils me faut passer pour y parvenir.

 

Merci par avance et une année de plus pour Zebulon alors Happy Birthday à tous les intervenant admin et modos (1999 - 2014)

 

Ma config est dans mon profil.

===================================================================

~ Rapport de ZHPDiag v2014.3.28.35 - Nicolas Coolman (2014-03-28)

~ Lancé par Hervé (2014-03-30 13:02:13)

~ Adresse du Site Web http://nicolascoolman.webs.com

~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/

~ Traduit par Nicolas Coolman

~ Etat de la version :

~ Liste blanche : Activée par le programme

~ Elévation des Privilèges : OK

~ User Account Control (UAC): Deactivate by user

---\\ Navigateurs Internet

MSIE: Internet Explorer v11.0.9600.16518

---\\ Informations sur les produits Windows

~ Langage: Français

Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_COA_NSLP channel

Windows ID Activation : OK

~ Windows Partial Key : QG8XD

Windows License : OK

~ Windows Remaining Initializations Number : 2

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Logiciels de protection du système

Microsoft Security Client v4.4.0304.0

Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système

~ Processor: AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8188 MB (72% free)

System Restore: Activé (Enable)

System drive C: has 8 GB (13%) free of 60 GB

---\\ Mode de connexion au système

~ Computer Name: AVALANCHE

~ User Name: Hervé

~ All Users Names: HomeGroupUser$, Hervé, Administrateur,

~ Unselected Option: O45

Logged in as Administrator

---\\ Variables d'environnement

~ System Unit : C:\

~ %AppZHP% : C:\Users\Hervé\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Hervé\AppData\Roaming\

~ %Desktop% : C:\Users\Hervé\Desktop\

~ %Favorites% : C:\Users\Hervé\Favorites\

~ %LocalAppData% : C:\Users\Hervé\AppData\Local\

~ %StartMenu% : C:\Users\Hervé\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques

C: Hard drive, Flash drive, Thumb drive (Free 8 Go of 60 Go)

D: CD-ROM drive (Not Inserted)

E: Hard drive, Flash drive, Thumb drive (Free 17 Go of 60 Go)

F: Hard drive, Flash drive, Thumb drive (Free 399 Go of 440 Go)

G: CD-ROM drive (Not Inserted)

H: Hard drive, Flash drive, Thumb drive (Free 101 Go of 432 Go)

I: CD-ROM drive (Not Inserted)

K: Hard drive, Flash drive, Thumb drive (Free 348 Go of 931 Go)

---\\ Etat du Centre de Sécurité Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified

~ Security Center: 47 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-14 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-02-25 - 07:50:36.) -- C:\Windows\System32\wininet.dll [2334208]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-21 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-21 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-02-14 - 18:21:01.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-14 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-14 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-21 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-21 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-21 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-14 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-14 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-27 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-21 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-04-25 - 13:07:57.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-14 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-21 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-14 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-21 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-21 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 1/3

~ Mes musiques (My Musics) : 19/444

~ Mes Videos (My Videos) : 2/4

~ Mes Favoris (My Favorites) : 1/77

~ Mes Documents (My Documents) : 2/1175

~ Mon Bureau (My Desktop) : 2/41

~ Menu demarrer (Programs) : 1/3

~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés

[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2692] =>Toolbar.Google

[MD5.CB60C7455AC362CAA58458A613908B7F] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [476056] [PID.2800]

[MD5.AE797B72D85E87D403FC11135507922C] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.3272]

[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3296]

[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3392]

[MD5.C7F05A3FD4A8DC4EE7A7866876E1534C] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.3400]

[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.4768]

[MD5.36C727491F1F934EF3CAEE686C946DE5] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [296392] [PID.4536]

[MD5.B978AE0D4FB1AFDFDEDBF45A2B3B6183] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8178176] [PID.5712]

[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1724]

[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1984]

[MD5.BE531939BB6D153DB63DBBFBD398A713] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584] [PID.2184]

[MD5.33E9F08F675EF94633C8EF8A7C4EADF3] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608] [PID.2228]

[MD5.10DBAA1703253FB511D0F5C5F6064B00] - (.France Telecom SA - Pas de description.) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [77824] [PID.2320]

[MD5.E1095A89EB4BFCA2AB2F4E1F2BA56612] - (.Logitech Inc. - Logitech LVPrS64H Module..) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe [125464] [PID.2404]

[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2624]

[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- F:\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2780]

[MD5.2B29FD3AF7B4FEB272CD1F6EEC8FE4BA] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Users\Public\temp\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.3280]

[MD5.65DF135CBD6B061309D95B570B27FD10] - (.Xobni Corporation - XobniService.) -- C:\Program Files (x86)\Xobni\XobniService.exe [62184] [PID.3532]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\Hervé\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] http://www.buenosearch.com =>PUP.BuenoSearch

G0 - GCSP: Preference [user Data\Default][HomePage] http://www.buenosearch.com =>PUP.BuenoSearch

G2 - GCE: Preference [user Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)

G2 - GCE: Preference [user Data\Default] [chgdeabpmphfhkoemjjglmilajldekbp] Wondershare Video Converter Ultimate v.6.0.0 (Désactivé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Hervé\AppData\Roaming\Mozilla\Firefox\Profiles\c96ns2wb.default\prefs.js

C:\Users\Hervé\AppData\Roaming\Mozilla\Firefox\Profiles\c96ns2wb.default\user.js

M3 - MFPP: Plugins - [Hervé] -- C:\Users\Hervé\AppData\Roaming\Mozilla\Firefox\Profiles\c96ns2wb.default\searchplugins\buenosearch.xml =>PUP.BuenoSearch

M0 - MFSP: prefs.js [Hervé - c96ns2wb.default] http://www.buenosearch.com =>PUP.BuenoSearch

M2 - MFEP: prefs.js [Hervé - c96ns2wb.default\2ab9302c-551a-4804-9971-9932d6d5b0f9@2bfa4cf8-298a-4792-80d5-75352ee81de1.com] [] Freeven pro 1.2 v (..)

M2 - MFEP: prefs.js [Hervé - c96ns2wb.default\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com] [] MediaPlayerplus v (..)

M2 - MFEP: prefs.js [Hervé - c96ns2wb.default\ffxtlbr@buenosearch.com] [] BuenoSearch v1.6.0 (..) =>PUP.BuenoSearch

M2 - MFEP: prefs.js [Hervé - c96ns2wb.default\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}] [] Personas Rotator v8.0 (..)

~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches

~ IE Browser: 24 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 22

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline

O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline

~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\QuickLaunch [Hervé]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\QuickLaunch [Hervé]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\QuickLaunch [Hervé]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- F:\pokerstar\PokerStarsUpdate.exe

O4 - GS\QuickLaunch [Hervé]: Wondershare Video Converter Ultimate.lnk . (.Wondershare Software - Wondershare Video Converter Ultimate.) -- F:\Video Converter Ultimate\VideoConverterUltimate.exe

O4 - GS\TaskBar [Hervé]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\TaskBar [Hervé]: IL-2 Sturmovik 1946.lnk . (...) -- F:\Ubisoft\il2fb.exe

O4 - GS\TaskBar [Hervé]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\TaskBar [Hervé]: Magnify.lnk . (.Microsoft Corporation - Loupe Microsoft.) -- C:\Windows\system32\magnify.exe

O4 - GS\TaskBar [Hervé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches

O4 - GS\TaskBar [Hervé]: PlayerTuto.com.lnk . (.Weecast - PlayerTuto.com.) -- F:\PlayerTuto.com\PlayerTuto.exe

~ Global Startup: 71 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)

O4 - GS\Startup [Public]: D-Link AirPlus.lnk . (.D-Link - WLAN Adapter Utility.) -- C:\Program Files (x86)\D-Link AirPlus\AirPlus.exe

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp

O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated

O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Hervé\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google

O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation

O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe

O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc

O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Hervé\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc

O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google

O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [AdobeBridge] Clé orpheline

O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe

~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{52215F02-8811-44C5-B116-809E399B0986}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{637787B5-201A-4C81-94A7-620DFC97C1BD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{52215F02-8811-44C5-B116-809E399B0986}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{637787B5-201A-4C81-94A7-620DFC97C1BD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{52215F02-8811-44C5-B116-809E399B0986}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{637787B5-201A-4C81-94A7-620DFC97C1BD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation

O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SupTab\SEARCH~2.dll (.not file.) =>PUP.SupTab

~ AppInit DLL: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

[MD5.00000000000000000000000000000000] [APT] [{07811BC6-60EE-46C1-96E8-BA35A6807D3B}] (...) -- D:\Setup.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{1E8C2FBB-E047-48AF-A609-1415F75ACE1E}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{4E16F96A-FD4D-41C8-ADFD-D3738FF3AD82}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{823E8C9D-C9DF-4F76-BD96-8509960DB4AD}] (...) -- D:\setup.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{A1FF5B2C-B2CC-4877-A66F-C26710D75506}] (...) -- C:\Users\Hervé\Desktop\Il2_412_DS.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{DD531431-247B-40B3-8F9A-C80227182DD0}] (...) -- H:\Program Files\archi3D\Architecte3D_ContentPack.exe (.not file.) [0]

~ Scheduled Task: 19 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ACXPROFILE]

[HKCU\Software\BabSolution] =>Hijacker.BabSolution

[HKCU\Software\Conduit] =>Toolbar.Conduit

[HKCU\Software\Cr_Installer] =>PUP.CrossRider

[HKCU\Software\Door]

[HKCU\Software\ELIGCHK]

[HKCU\Software\GLOBAL]

[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver

[HKCU\Software\Softonic] =>Toolbar.Conduit

[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive

[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive

[HKCU\Software\YahooPartnerToolbar]

[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver

[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver

[HKLM\Software\Wow6432Node\TENCENT] =>Adware.TencentAddressBar

[HKLM\Software\Wow6432Node\Taronja]

[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive

[HKLM\Software\Wow6432Node\Vittalia] =>Adware.Vittalia

[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager

[HKLM\Software\Wow6432Node\free_soft_to_day] =>Adware.FreeSoftToday

[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab

[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager

~ Key Software: 304 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 2014-03-29 - 02:22:52 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon

O43 - CFD: 2013-05-18 - 18:06:07 - [0,057] ----D C:\ProgramData\Conduit

O43 - CFD: 2014-03-29 - 14:41:15 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager

O43 - CFD: 2012-11-20 - 19:56:03 - [0] ----D C:\ProgramData\xml_param

O43 - CFD: 2014-03-29 - 17:31:03 - [0,985] ----D C:\Users\Hervé\AppData\Roaming\BabSolution =>Hijacker.BabSolution

O43 - CFD: 2014-03-29 - 02:40:46 - [0] ----D C:\Users\Hervé\AppData\Roaming\SupTab =>PUP.SupTab

O43 - CFD: 2011-08-09 - 06:20:58 - [0,128] ----D C:\Users\Hervé\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1

O43 - CFD: 2013-06-05 - 00:03:07 - [0,679] ----D C:\Users\Hervé\AppData\Local\PokerStars.FR

~ Program Folder: 240 Legitimates Filtered in 00mn 02s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.60B5B75F3095EED44CC84FBF355675CD] - 2014-03-24 - 13:33:49 ---A- . (...) -- C:\Windows\DirectX.log [546484]

~ Files: 10 Legitimates Filtered in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{4c2d15a2-8c42-11e3-9baf-1c6f65c06866}\AutoRun\command. (...) -- K:\AutoRunCardDetector.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\BEWINTERNET-FR-DMGP-V2SessionManager [Key] . (...) -- F:\SessionManager\SessionManager.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\boincmgr [Key] . (...) -- F:\BOINC\boincmgr.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\BrowserPlugInHelper [Key] . (.Wondershare Software - Wondershare Browser Plugin Helper.) -- F:\Video Converter Ultimate\BrowserPlugInHelper.exe

O53 - SMSR:HKLM\...\startupreg\DriverTurbo [Key] . (...) -- F:\DriverTurbo\DriverTurbo.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\fst_fr_134 [Key] . (...) -- C:\Program Files (x86)\fst_fr_134\fst_fr_134.exe (.not file.) =>PUA.FSTfr9

O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\LGODDFU [Key] . (.BL - Pas de description.) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe

O53 - SMSR:HKLM\...\startupreg\Megakey [Key] . (...) -- C:\Users\Hervé\AppData\Local\Megamedia\Megakey\Megakey.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (...) -- C:\Users\Hervé\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro

O53 - SMSR:HKLM\...\startupreg\PMBVolumeWatcher [Key] . (...) -- F:\Caméscope\PMBVolumeWatcher.exe (.not file.)

~ SMSR Keys: 37 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

~ MWPS: 14 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)

O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 2005-03-29 - 01:30:38 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]

O58 - SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] - 2011-07-26 - 14:45:02 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [88480]

O58 - SDL:[MD5.400582B09E0BB557D0EC28A945150EEB] - 2011-12-13 - 02:19:12 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [279616]

O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009-07-14 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009-06-10 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:[MD5.955982BF4421B77722196552B62E8DC2] - 2011-07-26 - 14:45:02 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [46400]

O58 - SDL:[MD5.DED333DBDBBCC3555A6E6244522E2F1A] - 2009-10-07 - 01:45:50 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30232]

O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009-07-14 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 2012-12-13 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]

~ Drivers: 14 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 2014-03-28 - 13:02:34 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Toolbar Cache\7.5.5111.1712\fr\translate_element.js.content [2385]

O61 - LFC: 2014-03-28 - 13:02:34 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Toolbar Cache\7.5.5111.1712\fr\translate_languages.json.content [2033]

O61 - LFC: 2014-03-28 - 13:04:24 ---A- . (...) -- C:\Users\Hervé\Documents\Optimizer Pro\CookiesException.txt [138] =>PUP.OptimizerPro

O61 - LFC: 2014-03-29 - 13:02:33 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences [660561]

O61 - LFC: 2014-03-29 - 13:02:34 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data [161792]

O61 - LFC: 2014-03-29 - 13:04:00 ---A- . (...) -- C:\Users\Hervé\AppData\Local\YesMessenger\.config [465]

O61 - LFC: 2014-03-29 - 13:04:28 ---A- . (...) -- C:\Users\Hervé\Downloads\adblock-plus_setup.exe [684768]

O61 - LFC: 2014-03-30 - 13:02:30 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273998]

O61 - LFC: 2014-03-30 - 13:02:31 ---A- . (...) -- C:\Users\Hervé\AppData\Local\Google\Chrome\User Data\Local State [63575]

O61 - LFC: 2014-03-30 - 13:04:23 ---A- . (...) -- C:\Users\Hervé\AppData\Roaming\ZHP\Log.txt [40472] =>.Nicolas Coolman

O61 - LFC: 2014-03-30 - 13:04:23 ---A- . (...) -- C:\Users\Hervé\AppData\Roaming\ZHP\TestsZHPDiag.txt [2878] =>.Nicolas Coolman

~ 59 Fichiers temporaires (Temporary files)

~ Files: 210 Legitimates Filtered in 02mn 01s

---\\ Liste des outils de désinfection (LATC) (O63)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- Chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)

O69 - SBI: prefs.js [Hervé - c96ns2wb.default] user_pref("extensions.crossrider.bic", "1450b3f5d7bf4e1e654c1f2cca9feeff"); =>PUP.CrossRider

O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snap.do =>Hijacker.SmartBar

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Bueno Search) - http://www.buenosearch.com =>PUP.BuenoSearch

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)

[MD5.96213449FE526C89A0DE6D814097F8B2] [sPRF][2013-11-14] (.Babylon Ltd. - CRX Installer.) -- C:\Program Files (x86)\CrxInstaller.dll [166384] =>PUP.Babylon

~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{ABBC51B7-25F6-49FC-B46A-91081DBA185E}F:\xampp\mysql\bin\mysqld.exe" | In - Private - P6 - TRUE | .(...) -- F:\xampp\mysql\bin\mysqld.exe

O87 - FAEL: "UDP Query User{63B3A5D9-9DED-4598-B1BA-AE96A49730D5}F:\xampp\mysql\bin\mysqld.exe" | In - Private - P17 - TRUE | .(...) -- F:\xampp\mysql\bin\mysqld.exe

O87 - FAEL: "{7423C8AC-7C24-433C-8C76-A5FDFC928AF1}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM

O87 - FAEL: "{E876FDD9-8A7C-4DB9-A737-8B99D83924FE}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM

O87 - FAEL: "{52CF1D0B-9EDF-4990-A966-163DB881B143}" |In - Private - P6 - TRUE | .(...) -- F:\boincmgr.exe (.not file.)

O87 - FAEL: "{38BFB3FA-E975-49E0-B3DE-2E3F5FC8602A}" |In - Private - P17 - TRUE | .(...) -- F:\boincmgr.exe (.not file.)

O87 - FAEL: "{117AE7EF-EC9D-4434-9CC0-A91DC5DDA91E}" |In - Domain - P6 - FALSE | .(...) -- F:\boincmgr.exe (.not file.)

O87 - FAEL: "{893E8AE7-687A-49D4-BFBE-5D2A8923D5F6}" |In - Domain - P17 - FALSE | .(...) -- F:\boincmgr.exe (.not file.)

~ Firewall: 279 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)

O90 - PUC: "394E2E69484C3E34B9596DE27E4DD0A3" . (.Toolbar 4.7 by SweetPacks.) -- C:\Windows\Installer\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}\ARPPRODUCTICON.exe =>PUP.SweetIM

O90 - PUC: "A6682956A53DEB44EAF8A2BA6E1C7D56" . (.HyperLobby client.) -- C:\Windows\Installer\{6592866A-D35A-44BE-AE8F-2AABE6C1D765}\hyperlobby.4.3.4.ico.exe

~ Update Products: 135 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)

[MD5.3763C4BB2F3AA29B569898DDAEC29870] [WIS][2010-08-10] (.Mad Catz - Smart Technology Programming Software.) -- C:\Windows\Installer\1e72ec2.msi [781824]

[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][2009-05-14] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\215ed3.msi [459264]

[MD5.3EAE634D3ACC787AA365062182AA3491] [WIS][2011-05-18] (.Xobni, Inc. - Xobni Core DLL Installer.) -- C:\Windows\Installer\225198.msi [111104]

~ WIS: 141 Legitimates Filtered in 00mn 04s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 2014-03-12 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 2011-07-22 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 2011-07-22 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 2012-08-22 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 2014-02-06 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Demand 2014-02-15 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Disabled 2010-08-19 386344 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe

SS - | Auto 2013-10-23 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 2012-08-23 529744 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SS - | Demand 2010-02-19 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SS - | Demand 2009-07-14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 2012-12-18 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 2011-07-28 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 2011-07-28 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

SR - | Auto 2014-01-07 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 2009-08-25 77824 | C:\Program Files (x86)\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

SR - | Demand 2009-07-14 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 2009-07-14 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 2009-07-14 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 2009-10-07 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

SR - | Auto 2013-05-15 1144144 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe

SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - F:\Malwarebytes' Anti-Malware\mbamscheduler.exe

SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - F:\Malwarebytes' Anti-Malware\mbamservice.exe

SR - | Auto 2013-10-23 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe

SR - | Auto 2009-07-14 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 2009-07-14 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 2014-02-17 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Users\Public\temp\TeamViewer\Version9\TeamViewer_Service.exe

SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 2009-07-14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 2011-05-18 62184 | (XobniService) . (.Xobni Corporation.) - C:\Program Files (x86)\Xobni\XobniService.exe

SR - | Auto 2010-12-08 146928 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl

~ Services: Scanned in 00mn 04s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)

Run by Hervé at 2014-03-30 13:05:39

~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Hervé at 2014-03-30 13:05:41

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)

Database Version : 13031 - (2014-03-28)

Clés trouvées (Keys found) : 187

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 7

Fichiers trouvés (Files found) : 14

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\fst_fr_134] =>PUA.FSTfr9^

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar

[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster

[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster

[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster

[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster

[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster

[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon

[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster

[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon

[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade

[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software

[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam

[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade

[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon

[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar

[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar

[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade

[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent

[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon

[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade

[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon

[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade

[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM

[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade

[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade

[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade

[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon

[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon

[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon

[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon

[HKCU\Software\Cr_Installer] =>PUP.CrossRider

[HKCU\Software\Softonic] =>Toolbar.Conduit

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM

[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive

[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo

[HKLM\Software\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM

[HKLM\Software\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM

[HKLM\Software\Wow6432Node\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM

[HKLM\Software\Wow6432Node\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM

[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf] =>Hijacker.TornTV

[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider

[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro

[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro

[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask

[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask

[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC

[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector

[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector

[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422246}] =>PUP.CrossRider

[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider

[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522422246}] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods

[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods

[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods

[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}] =>PUP.CrossRider

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^

C:\Users\Hervé\AppData\Roaming\Mozilla\Firefox\Profiles\c96ns2wb.default\extensions\ffxtlbr@buenosearch.com =>PUP.BuenoSearch^

C:\ProgramData\Babylon =>PUP.Babylon^

C:\ProgramData\WPM =>PUP.WpManager^

C:\Users\Hervé\AppData\Roaming\BabSolution =>Hijacker.BabSolution^

C:\Users\Hervé\AppData\Roaming\SupTab =>PUP.SupTab^

C:\ProgramData\Conduit =>Toolbar.Conduit

C:\Users\Hervé\AppData\Local\SearchProtect =>Toolbar.Conduit

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^

[HKCU\Software\BabSolution] =>Hijacker.BabSolution^

[HKCU\Software\Conduit] =>Toolbar.Conduit^

[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive^

[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^

[HKLM\Software\Wow6432Node\TENCENT] =>Adware.TencentAddressBar^

[HKLM\Software\Wow6432Node\Vittalia] =>Adware.Vittalia^

[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^

[HKLM\Software\Wow6432Node\free_soft_to_day] =>Adware.FreeSoftToday^

[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^

[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^

C:\Program Files (x86)\CrxInstaller.dll =>PUP.Babylon^

C:\Users\Hervé\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit

~ Additionnel Scan: 480304 Items scanned in 00mn 16s

---\\ Récapitulatif des détections trouvées sur votre station

http://nicolascoolman.webs.com/apps/blog/show/34153565-pup-buenosearch =>PUP.BuenoSearch

http://nicolascoolman.webs.com/apps/blog/show/41962428-hijacker-webssearches =>Hijacker.WebsSearches

http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab

http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution

http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider

http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver

http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive

http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar

http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager

http://nicolascoolman.webs.com/apps/blog/show/33340107-adware-freesofttoday =>Adware.FreeSoftToday

http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon

http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9

http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro

http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar

http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM

http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster

http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade

http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software

http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo

http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma

http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV

http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector

http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods

~ MSI: 25 link(s) detected in 00mn 00s

~ 1581 Legitimates filtered by white list

End of the scan (786 lines in 03mn 45s)(0)

 

 

[pear]

Bonjour,

 

Avant de commencer
La désinfection peut nécessiter l'utilisation de plusieurs procédures qui sont parfois longues.
Il serait préférable que vous ne preniez aucune initiative qui pourrait les contrarier.
Veullez retenir que la désinfection n'est pas achevée avant qu'on vous le dise

Suivez cette procédure attentivement, point par point, et postez en les rapports dans l'ordre
Comment poster les rapports
Aller sur le site :Ci-Joint
Appuyez sur Parcourir et chercher les rapports sur le disque,
Cliquer sur Ouvrir
Cliquer sur Créer le lien CJoint,
>> dans la page suivante --> ,,
une adresse http//.. sera créée
Copier /coller cette adresse dans votre prochain message.

1)Si vous avez Adwcleaner depuis quelque temps, désinstallez le et installez la dernière version

Télécharger AdwCleaner
Sous Vista et Windows 7_ 8-> Exécuter en tant qu'administrateur
Afin de ne pas fausser les rapports,Scanner et Nettoyer ne doivent être lancés qu'une seule fois
Cliquez sur Scanner et postez le rapport généré C:\AdwCleaner[R1].txt


Nettoyage A faire sans délai
Relancez AdwCleaner avec droits administrateur
Cliquez sur Nettoyer Une seule fois pour ne pas perturber la procédure
et postez le rapport C:\AdwCleaner[s1].txt

2)Télécharger Junkware Removal Tool de thisisu
OS:Windows XP/Vista/7/8
Utilisable sur systèmes 32-bits et 64-bits

Clquez sur Jrt.exe avec droits administrateur.
Si votre antvirus râle,Vous le signalez comme acceptable dans les exceptions de votre antivirus
Une fenêtre noire s'ouvre qui vous dit de cliquer une touche pour lancer le scan.

L'outil va prendre quelques minutes pour fouiller votre machine.
Patientez jusqu'à l'apparition de Jrt.txt dont vous posterez le contenu.

3)

Téléchargez Malwarebytes Anti-Malware et enregistrez-le sur le Bureau.
Faites un double clic sur mbam-setup-2.0.0.1000.exe et suivez les invites pour installer le programme.
Cliquer Setting pour le mettre en Français
vérifiez que cette cases Lancer Malwarebytes Anti-Malware est bien cochée.
Un essai gratuit de 14 jours des fonctions de la version Premium(payante) est pré-sélectionné, décochez le.
Cela ne diminuera pas les capacités d'analyse et de suppression du programme.
Cliquez sur Terminer.



Dans l'onglet Paramètres > Sous-onglet Détection et Protection, Options de détection, cochez la case située devant Recherche de Rootkits
Sur le Tableau de bord, cliquez sur le lien Mettre à jour .
Si , par la suite, vos bases de données sont obsolètes vous en serez averti et invtié à Corriger maintenant.

Après la mise à jour,Connecter les supports amovibles (USB) et cliquer sur Examen-> Examen personnalisé
Cochez tout
cliquez sur le bouton Examiner maintenant .

Si des élémentss ont détectés, cliquez sur Appliquer les actions pour que MBAM nettoye ce qu'il a détecté.
Dans la plupart des cas, un redémarrage sera nécessaire.
Attendez l'affichage du message vous invitant à faire redémarrer le PC, puis cliquez sur Oui

(Copier dans le Presse-papiers pour coller dans une réponse sur le forum)
Après le redémarrage, quand vous êtes de retour sur le Bureau, ouvrez de nouveau MBAM.
Cliquez sur l'onglet Historique > Journaux de l'application.
Faites un double clic sur le Journal d'examen dont les date et heure correspondent à l'analyse qui vient d'être effectuée.
Cliquez sur Afficher puis Copier dans le Presse-papiers
Collez le contenu du Presse-papiers dans votre prochaine réponse.

4)Il faut Réinitialiser votre Navigateur
en cliquant ici

Cela desinstallera plugins et extensions que vous pourrez réinstaller avec la prudence nécessaire

5) rapport Zhpdiag
Téchargement de Zhpdiag

Double-cliquer sur ZHPDiag.exe pour installer l'outil
Il devrait y avoir 2 icônes sur le bureau ou dans le fichier d'installation de Zhpdiag.

Sous XP, double clic sur l'icône ZhpDiag
Sous Vista/7, faire un clic droit et Exécuter en tant qu'administrateur


Cliquer Configurer

Cliquez sur le bouton

et choisissez Tous
Pour éviter un blocage , Décochez 045 et 061
Cliquer Rechercher
Le rapport ZhpDiag.txt apparait sur le bureau

Modifié le 30 mars 2014 par pear

[artbroken]

Bonjour Pear,

 

Tout d'abord, merci pour votre aide. Je jois les rapports demandés mais j'ai une question.

 

Je possède Mbam en version pro puis je l'utiliser (elle fonctionne tjs) pour l'étape Malwarebytes ou dois je télécharger la version que vous m'indiquez ???

 

mbam 1.75.0.1300 - v2014.03.30.02 ma version ne serait donc plus approprié ?????

 

++++++++++++++++++++++

 

AdwCleaner[R1]

http://cjoint.com/?DCEoWAvqkfp

 

AdwCleaner[s0]

http://cjoint.com/?DCEoXLN8Vyh

 

JRT

http://cjoint.com/?DCEpgfd0Sxa

[pear]

Important:
*- Si vous utilisez Malwarebytes Anti-Malware PRO, il faut le désinstaller et faire redémarrer le PC, avant d'installer la version 2.0

Mais les licences "à vie" de la version 1.x seront reportées sur la version 2.x.

Modifié le 30 mars 2014 par pear

[artbroken]

bonjour Pear,

 

Je ne parviens pas à trouver Mbam 2.0 quand je clique sur le lien j'ai ceci :

 

http://cjoint.com/?DCFo3cicdN6

 

ok, donc je pourrai garder la version 2 et entrer ma license par la suite. ?

Modifié le 31 mars 2014 par artbroken

[pear]

Il semble y avoir un problème sur lr site de Mbam.

Vous tenterez plus tard.

 

 

je pourrai garder la version 2 et entrer ma license par la suite. ?

Oui, c'est ce que j'en ai compris.

[artbroken]

J'ai réussi en passant par le site de fileHIppo => http://www.filehippo.com/fr/download_malwarebytes_anti_malware/tech/

Examen en cours.

J'ai bien l'impression qu'il m'a mit la clef tout seul ????????? Je viens de cliquer sur l'onglet "mon compte" du log et les chiffres correspondent à mon ID !!

Comment a t'il trouvé, mystère loll

 

voir ici : http://cjoint.com/?DCFpXYtPtFA

 

Ps: le temps que je suis un peu Hors sujet, j'ai remarqué que beaucoup de choses ne sont plus à jour, il y en a certaines comme pour la CG où il me semble il faille d'abord désinstaller le pilote précédent etc.

Je n'ai pas regardé mais il me semble même être repassé sous directx 9 ?? wow je vais finir par le coder ce pc que l'on y touche plus lollll nan mais !!

 

Je ne suis pas sur de moi je compte demander de l'aide en espérant que pour de simple MAJ ma demande sera prise en compte si je poste dans la section optimisation

Modifié le 31 mars 2014 par artbroken

[pear]

 

je compte demander de l'aide en espérant que pour de simple MAJ ma demande sera prise en compte si je poste dans la section optimisation

Ce sera pris en compte.

 

Vous pouvez vérifier votre machine avec http://www.ma-config.com/fr/

Modifié le 31 mars 2014 par pear

[artbroken]

Voilà examen terminé et... c'est décidé je vais écouter les conseils de ceux qui me disent de créer des comptes utilisateurs, j'ai trouvé (Mbam a trouvé) des fichiers style "facehacker" et bien d'autres cochoneries, ah les d'jeuns loll , je sais d'où ça vient grrrrrrrrr majeur mais aie aie le martinet va chauffer mdrrr (non je plaisante lol).

DOnc voici les rapports :

Mbam : http://cjoint.com/?DCFqRjrTxr7

ZHPDIag : http://cjoint.com/?DCFq63b1PDM

oui, merci pour le lien maconfig, c'est en faisant une détection que j'ai remarqué tout ce qui n'était pas à jour

Modifié le 31 mars 2014 par artbroken

[pear]

N'oubliez pas le point 4) de la procédure.

 

Vous devez trouver les 2 icônes Zhpdiag, Zhpfix. sur le bureau

ou sinon dans le dossier où vous avez installé Zhpdiag (Program files ->Zhpdiag ->Zhpfix)
Cliquer sur l'icône Zhpfix
Sous Vista/7 clic-droit, "Exécuter En tant qu'Administrateur
Copiez/Collez les lignes vertes dans le cadre ci dessous:
pour cela;
Clic gauche maintenu enfoncé, Balayer l'ensemble du texte à copier avec la souris pour le mettre en surbrillance ,de gauche à droite et de haut en bas
Ctrl+c mettre le tout en mémoire
Cliquer Importer
pour inscrire le texte dans la fenêtre vide qui s'ouvre

[

Script Zhpfix

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
G0 - GCSP: Preference [user Data\Default][HomePage]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Firefox\firefox.exe
O4 - GS\QuickLaunch [Hervé]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Hervé]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Hervé]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Hervé]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Hervé]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- F:\Firefox\firefox.exe
[HKLM\Software\Wow6432Node\free_soft_to_day]
O53 - SMSR:HKLM\...\startupreg\fst_fr_134 [Key] . (...) -- C:\Program Files (x86)\fst_fr_134\fst_fr_134.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.)
[MD5.96213449FE526C89A0DE6D814097F8B2] [sPRF][2013-11-14] (.Babylon Ltd. - CRX Installer.) -- C:\Program Files (x86)\CrxInstaller.dll [166384]
O87 - FAEL: "{7423C8AC-7C24-433C-8C76-A5FDFC928AF1}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)
O87 - FAEL: "{E876FDD9-8A7C-4DB9-A737-8B99D83924FE}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)
O90 - PUC: "394E2E69484C3E34B9596DE27E4DD0A3" . (.Toolbar 4.7 by SweetPacks.) -- C:\Windows\Installer\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}\ARPPRODUCTICON.exe
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\fst_fr_134]
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B]
[HKLM\Software\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3]
[HKLM\Software\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3]
[HKLM\Software\Wow6432Node\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3]
[HKLM\Software\Wow6432Node\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]
[HKLM\Software\Wow6432Node\free_soft_to_day]
C:\Program Files (x86)\CrxInstaller.dll
O4 - GS\QuickLaunch [Hervé]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- F:\pokerstar\PokerStarsUpdate.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [AdobeBridge] Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [{A1FF5B2C-B2CC-4877-A66F-C26710D75506}] (...) -- C:\Users\Hervé\Desktop\Il2_412_DS.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DD531431-247B-40B3-8F9A-C80227182DD0}] (...) -- H:\Program Files\archi3D\Architecte3D_ContentPack.exe (.not file.) [0]
O43 - CFD: 2012-11-20 - 19:56:03 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 2011-08-09 - 06:20:58 - [0,128] ----D C:\Users\Hervé\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 2013-06-05 - 00:03:07 - [0,679] ----D C:\Users\Hervé\AppData\Local\PokerStars.FR
O44 - LFC:[MD5.60B5B75F3095EED44CC84FBF355675CD] - 2014-03-24 - 13:33:49 ---A- . (...) -- C:\Windows\DirectX.log [546484]
O53 - SMSR:HKLM\...\startupreg\BEWINTERNET-FR-DMGP-V2SessionManager [Key] . (...) -- F:\SessionManager\SessionManager.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DriverTurbo [Key] . (...) -- F:\DriverTurbo\DriverTurbo.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- Chrome.exe (.not file.)
O87 - FAEL: "{52CF1D0B-9EDF-4990-A966-163DB881B143}" |In - Private - P6 - TRUE | .(...) -- F:\boincmgr.exe (.not file.)
O87 - FAEL: "{38BFB3FA-E975-49E0-B3DE-2E3F5FC8602A}" |In - Private - P17 - TRUE | .(...) -- F:\boincmgr.exe (.not file.)
O87 - FAEL: "{117AE7EF-EC9D-4434-9CC0-A91DC5DDA91E}" |In - Domain - P6 - FALSE | .(...) -- F:\boincmgr.exe (.not file.)
O87 - FAEL: "{893E8AE7-687A-49D4-BFBE-5D2A8923D5F6}" |In - Domain - P17 - FALSE | .(...) -- F:\boincmgr.exe (.not file.)
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3880]
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-873311265-2648897643-4050429337-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Hervé\AppData\Local\Temp\dlLogic.exe




EmptyPrefetch
EmptyTemp
EmptyClsid
Emptyflash
FirewallRaz
Ifeofix
Proxyfix
ShortcutFix
SysRestore




Cliquer sur "Go" en bas, à gauche

Redémarrer pour achever le nettoyage.

Copier-coller,dans la réponse, le contenu du rapport ZHPFixReport.txt qui s'affiche .
Si besoin; il est enregistré sous C:\ZHP\ZHPFixReport.txt



Télécharger SFTGC.exe
sur le Bureau, impérativement sous peine de risquer un plantage

Il peut être nécessaire de fermer ou désactiver tous les programmes Antivirus, Antispyware, Pare-feu actifs car ils pourraient perturber le fonctionnement de cet outil
Certains outils sont parfois detectés par votre Anti-virus ou votre Anti-Malware comme étant un "RiskTool", un virus ou un "Trojan", or ce n'est pas le cas.
Comment désactiver les protections résidentes
Bien évidemment, vous les rétablirez ensuite.

Sous XP, double cliquer sur le fichier.
Sous Vista/7/8, clic droit sur le fichier pour Exécuter en tant qu'administrateur.

Après l'initialisation, cliquer sur Gopour lancer le nettoyage.

Un rapport va s'ouvrir à la fin.
Ce rapport est sur le bureau (SFT.txt)