Pub Boxore sur Firefox

alonzo -  
Malekal_morte- Messages postés 184347 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

J'ai une pub lors de mes recherches Google sur Firefox.
Awcleaner n'a pas résolu mon problème.

Voici mon scan ZHP: 

~ Rapport de ZHPDiag v2013.10.1.2 - Nicolas Coolman  (01/10/2013)
~ Lancé par hp (02/10/2013 09:21:37)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v3.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 485 GB (83%) free of 583 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-HP
~ User Name: hp
~ All Users Names: hp, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\hp\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\hp\AppData\Roaming\
~ %Desktop% : C:\Users\hp\Desktop\
~ %Favorites% : C:\Users\hp\Favorites\
~ %LocalAppData% : C:\Users\hp\AppData\Local\
~ %StartMenu% : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 485 Go of 583 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.E959CB9D1B32386D48683969EFAA8C7D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/08/2013 - 05:31:10.) -- C:\Windows\System32\wininet.dll [1032192]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/38
~ Mes musiques (My Musics) : 1/37
~ Mes Videos (My Videos) : 1/33
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 1/167
~ Menu demarrer (Programs) : 1/29
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.22D2E3728D473FED0B2C8B73C2207B88] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe   [10240] [PID.2084]
[MD5.3C4B9C6E0EB1BCB22992B9DDD16AAA67] - (.Hewlett-Packard - HP TouchSmart Calendar & Notes.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe   [26416] [PID.3416]
[MD5.9F37F219528DD026DCB195F653469DF0] - (.Analog Devices, Inc. - SoundMAX Audio Settings (32-bit).) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe   [3842048] [PID.2576]
[MD5.4D4577D203A7408A1F6A2C21F2C069FE] - (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe   [3658032] [PID.1832]
[MD5.7D63A536952AF62EE677BB5875A881B8] - (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe   [464384] [PID.2256]
[MD5.397D8E3E9B170B04FFB4D1C60DE44A24] - (...) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe   [208896] [PID.4064]
[MD5.77F32D4D20DBE3CD74969FF8A1CB8DB2] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe   [210216] [PID.3960]
[MD5.1A8D16E71C8A080510FE0B84B934234C] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe   [1148200] [PID.3872]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.3324]
[MD5.EB69002A84B7DE25578BB2F3E6EF203A] - (.Hewlett-Packard - OSD MFC Application.) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe   [2199552] [PID.2708]
[MD5.F50EC37C6396A2FA0D2283734D5D4BFF] - (...) -- C:\Windows\SysWOW64\OSDFORM.exe   [102400] [PID.3316]
[MD5.B021D9A009D449AF61422161E51CE98F] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe   [304128] [PID.4676]
[MD5.4B8D74EEED201335C5B9404E1BAD10C1] - (.CyberLink Corp. - HP TouchSmart Music Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe   [324904] [PID.2204]
[MD5.EC5768B729221C807D7080665039C97C] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe   [1140008] [PID.2368]
[MD5.16048FC365CDAF3F7C2D3FD79E4467C5] - (.Hewlett-Packard - HP TouchSmart Notes.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe   [7451440] [PID.4008]
[MD5.88AE8105F9D14E952628E5BDA04CB79B] - (.CyberLink Corp. - HP TouchSmart Photo Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe   [324904] [PID.3936]
[MD5.48B1D11198390DFB021FAE6E009AA5D7] - (.Hewlett-Packard - HP TouchSmart Calendar.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe   [3448112] [PID.5096]
[MD5.F04DE959DBA808680668616683D64B53] - (.Hewlett-Packard - Clock.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe   [368432] [PID.1136]
[MD5.A035A7BF5132682F53F1E7B955690CE7] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe   [241734] [PID.2928]
[MD5.C35C60F188D9A4D8C1728994288A7F27] - (.Hewlett-Packard - Messages.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe   [80176] [PID.5208]
[MD5.6AA6BCA587AD4AB944A8EB3C8691EB63] - (.Hewlett-Packard - Controls.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe   [80176] [PID.5264]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe   [69120] [PID.4392]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [274840] [PID.4900]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [17816] [PID.5296]
[MD5.18F20138A715E0677A24A0986BC9AEA2] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe   [1862024] [PID.6060]
[MD5.037BA4C6B4A569B23FD2BCC5152E5CF6] - (.Hewlett-Packard - HP.CPC.TS.) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe   [65536] [PID.3568]
[MD5.C0ADE9E803D678DDA85ECA7CF8ACF1AF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8033792] [PID.4804]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65640] [PID.2760]
[MD5.64527A9EA9D4E8956FFD2B4AFA4C9131] - (.Hewlett-Packard - HP TouchSmart Calendar.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe   [21296] [PID.2956]
[MD5.6D45DCE299CC7B52CDDF2A6DC26C7BBC] - (.Hewlett-Packard - HP.CPC.TS.S.) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.exe   [100864] [PID.2200]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [46808] [PID.2544]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [akdojefgphalhhkagafpcoakgboeokdl] Tiger Savings v.1.23.72, (Activé) =>PUP.SpecialSavings
G2 - GCE: Preference [User Data\Default] [gfhdkohbepelnfckgjinfddmecpngnpb] Lyric Star v.1.111 (Activé) =>Adware.AddLyrics
~ Google Browser: 13 Legitimates Filtered in 00mn 14s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\soc39s8n.default\prefs.js
M3 - MFPP: Plugins - [hp] -- C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\soc39s8n.default\searchplugins\bingp.xml
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Aide et support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: HP TouchSmart.lnk . (.Hewlett-Packard - SmartCenter.)  -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.)  -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Ulead Photo Explorer 8.0 SE Basic.lnk . (.Ulead Systems, Inc. - Ulead Photo Explorer.)  -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\pex.exe
O4 - GS\Program [Public]: HP MediaSmart DVD.lnk . (.CyberLink Corp. - HP DVDSmart Main Program.)  -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.)  -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Optimize for Mouse.lnk . (.Hewlett-Packard Development Company, L.P. - HPTouchTweaks.)  -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Optimizer\HPTouchTweaks.exe
O4 - GS\Program [Public]: Optimize for Touch.lnk . (.Hewlett-Packard Development Company, L.P. - HPTouchTweaks.)  -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Optimizer\HPTouchTweaks.exe
O4 - GS\Program [Public]: Windows Journal.lnk . (...)  -- C:\Program Files (x86)\Windows Journal\Journal.exe (.not file.)
O4 - GS\QuickLaunch [hp]: Ulead Photo Explorer 8.0 SE Basic.lnk . (.Ulead Systems, Inc. - Ulead Photo Explorer.)  -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\pex.exe
O4 - GS\Desktop [hp]: Mes numérisations.lnk . (...)  -- C:\Users\hp\Documents\Mes numérisations
O4 - GS\Desktop [hp]: photos mariage - Raccourci.lnk . (...)  -- C:\Users\hp\Desktop\photos mariage
O4 - GS\Desktop [hp]: Scanner et appareils photo - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [hp]: Solitaire.lnk . (...)  -- C:\Program Files (x86)\Microsoft Games\Solitaire\Solitaire.exe (.not file.)
O4 - GS\Desktop [hp]: Son - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [hp]: YouCam(Webcam).lnk . (.CyberLink Corp. - CyberLink YouCam.)  -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
~ Global Startup: 87 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [SoundMAX] . (.Analog Devices, Inc. - SoundMAX Audio Settings (32-bit).) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe  =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPSmartCenterBoot] . (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r42.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
O4 - HKLM\..\Wow6432Node\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Wow6432Node\Run: [HP KEYBOARD] . (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe
O4 - HKLM\..\Wow6432Node\Run: [Buttons & OSDs control application gen2] . (...) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [DVDAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_51] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_30] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\Windows\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]  oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter]  oobefldr.dll
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\Run: [HPSmartCenterBoot] . (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r42.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F842EF7F-F35F-44F2-8CB2-D078D80CD330}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F842EF7F-F35F-44F2-8CB2-D078D80CD330}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\img22.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{7CB075E3-DC10-4F49-B6D5-47C4B22C8E46}] (...) -- E:\Install.exe (.not file.)   [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Buttons & OSDs control application gen2 - (...) [HKLM][64Bits] -- {5A627DFB-EA4C-4FFA-B711-69E849FB40D8}
~ Logic: 137 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\yahooinstall]
~ Key Software: 204 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/08/2013 - 21:48:34 - [0] ----D C:\Program Files (x86)\majtuto4pc_fr_a2 =>PUP.Eorezo
O43 - CFD: 11/09/2011 - 19:14:39 - [0,004] ----D C:\ProgramData\273E0
O43 - CFD: 22/05/2013 - 22:03:35 - [0] ----D C:\ProgramData\?
O43 - CFD: 21/09/2011 - 19:26:32 - [0] ----D C:\Users\hp\AppData\Local\PowerChallenge
O43 - CFD: 25/06/2013 - 23:06:07 - [0] ----D C:\Users\hp\AppData\Local\Updater12767 =>PUP.CrossRider
~ 1122 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1407 Legitimates Filtered in 00mn 19s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.926F83787E8275098FA5A2B544016C1F] - 02/10/2013 - 08:21:42 ---A- . (...) -- C:\Windows\SysNative\spsys.log   [11560]
O44 - LFC:[MD5.926F83787E8275098FA5A2B544016C1F] - 02/10/2013 - 08:21:42 ---A- . (...) -- C:\Windows\System32\spsys.log   [11560]
O44 - LFC:[MD5.9C35AFD4A524723CC1B1A005C161DA0E] - 23/09/2013 - 14:12:40 ---A- . (...) -- C:\Windows\ntbtlog.txt   [162912]
~ Files: 19 Legitimates Filtered in 00mn 02s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SiteRanker  [Key] . (...) -- C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.A45E9103A83A88F9231F6E7EC7E01DE5] - 03/04/2008 - 16:30:44 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys   [499200]
O58 - SDL:[MD5.B573984F1AE1A0C6C158B73A30285A2D] - 26/04/2005 - 17:42:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MPIXVID.SYS   [104593]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A47B01BE-9929-4A39-B0B0-2EBEA084E86E} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {A6D6E1CE-B81F-4691-8A61-C91AA3BED4B9} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.17D5010B8D4651A779CA8F026D964AF8] [SPRF][04/07/2013] (...) -- C:\ProgramData\nvModes.dat   [42274]
[MD5.659CFA189053DE3531DBFD7746CAF9FF] [SPRF][21/09/2013] (...) -- C:\Users\hp\AppData\Local\d3d9caps.dat   [680]
[MD5.CFB072CE8C7F5444A8A0DFA1665AB44F] [SPRF][23/12/2010] (...) -- C:\Users\hp\AppData\Local\fusioncache.dat   [90]
[MD5.8108782EBC0385F3E1482B65AAB8FAD4] [SPRF][20/09/2011] (.ALWIL Software - avast! v5 upgrade support library.) -- C:\Users\hp\AppData\Local\Temp\aswV5Hlp.dll   [5120]
[MD5.5980FAECF83024065D003A9E5F6FAF8F] [SPRF][23/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\defaultCache.reg   [1008052]
[MD5.31D1A69DCF8733C7F0C0BEC3ECB20D79] [SPRF][24/04/2013] (.Pas de propriétaire - Lyric Star.) -- C:\Users\hp\AppData\Local\Temp\happyl.exe   [285552]  =>Adware.AddLyrics
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][23/04/2013] (...) -- C:\Users\hp\AppData\Local\Temp\installerp.exe   [0]
[MD5.ED3C62E0A7ADD3A95AC6074581856CE4] [SPRF][22/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\itinstallerp.exe   [1758528]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\hp\AppData\Local\Temp\Quarantine.exe   [344583]
[MD5.8DE9D8FDA8DF6DD2E1B99A1F297FAA8A] [SPRF][17/07/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\hp\AppData\Local\Temp\tbSof2.dll   [5134624]  =>Toolbar.Conduit
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][04/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\TB_AE.exe   [0]
[MD5.F3A10836603E03A28CAF404B29328F92] [SPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\hp\AppData\Local\Temp\uninst1.exe   [394320]  =>Toolbar.Babylon
[MD5.621DF5183023F9B926FA6EF07DE3BE00] [SPRF][22/09/2013] (...) -- C:\Users\hp\AppData\Roaming\wklnhst.dat   [4048]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{B8996006-37F2-454A-A77E-87C13949D337}C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe (.not file.)
O87 - FAEL: "UDP Query User{8A16A6B5-DC5E-4E8E-B64A-27E79FA1FA14}C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe (.not file.)
O87 - FAEL: "{CC14B9F8-A966-4E06-A514-0853FBF4FE17}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
~ Firewall: 191 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore
~ Update Products: 112 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.6FA9BD53FB61CE9C2E6643EC166A63D8] [WIS][27/08/2010] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\17d181e.msi   [121344]
[MD5.3E7F633C2A40964A4CB96E8410B9B172] [WIS][27/08/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\17d1847.msi   [648192]
[MD5.83C1E460B1CE7FDE3E9CDFD430F5E952] [WIS][27/08/2010] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\17d1867.msi   [121344]
[MD5.C62161DB088D8AFDCEB747A0291F8051] [WIS][27/08/2010] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\17d1877.msi   [121344]
[MD5.E94265E23E11BF800112AB10EBF8F722] [WIS][23/03/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\23cf1c.msi   [24576]  =>Adware.Boxore
[MD5.2FE2C12824D4A3813BA1AD8E5888B160] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\641e71.msi   [474624]  =>Adware.Boxore
[MD5.DD19AFD4E98B0385DA24196C0B59B46A] [WIS][01/08/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\811d7.msi   [1615360]
~ WIS: 115 Legitimates Filtered in 00mn 05s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/10/2007 89600 |  (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 30/08/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 01/04/2011 183560 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 14/05/2008 796712 |  (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 08/07/2008 21296 |  (CalendarSynchService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
SS - | Demand 29/03/2008 165416 |  (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
SS - | Auto 25/03/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/03/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 02/06/2008 94208 |  (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 10/07/2008 100864 |  (HP Touch Screen Enhance) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.exe
SR - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 17/12/2009 243056 |  (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SS - | Demand 23/09/2013 118680 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/06/2008 51200 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/03/2011 249648 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/05/2008 32240 |  ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.Cyberlink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services:  Scanned in 00mn 08s



---\\ Scan Additionnel (O88)
Database Version : 12932 - (01/10/2013)
Clés trouvées (Keys found) : 21
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 3
Fichiers trouvés  (Files found) : 12

[HKLM\Software\Google\Chrome\Extensions\akdojefgphalhhkagafpcoakgboeokdl]   =>PUP.SpecialSavings^
[HKLM\Software\Google\Chrome\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160]   =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24]   =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\AppGraffiti]   =>PUP.AppGraffiti
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]   =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Inbox Toolbar]   =>Adware.WebAdSystem
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Tuto4pc]   =>PUP.Eorezo
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8]   =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\LyricStar]   =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272267}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C]   =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584]   =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]   =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_51   =>PUP.Eorezo^
C:\Program Files (x86)\majtuto4pc_fr_a2   =>PUP.Eorezo^
C:\Users\hp\AppData\Local\Updater12767   =>PUP.CrossRider^
C:\Users\hp\AppData\Local\Software   =>Adware.Boxore
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdojefgphalhhkagafpcoakgboeokdl   =>PUP.SpecialSavings^
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb   =>Adware.AddLyrics^
C:\Users\hp\AppData\Local\Temp\happyl.exe   =>Adware.AddLyrics^
C:\Users\hp\AppData\Local\Temp\tbSof2.dll   =>Toolbar.Conduit^
C:\Users\hp\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon^
C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico   =>Toolbar.Bing^
C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico   =>Adware.Boxore^
C:\Windows\Installer\23cf1c.msi   =>Adware.Boxore^
C:\Windows\Installer\641e71.msi   =>Adware.Boxore^
C:\Users\hp\AppData\Local\Temp\GoogleToolbarInstaller1.log  =>Toolbar.Babylon
~ Additionnel Scan: 406752 Items scanned in 01mn 28s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings  ; =>PUP.SpecialSavings
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics ; =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo  ; =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider  ; =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch  ; =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit  ; =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon ; =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing   ; =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore ; =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad  ; =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/26611535-pup-appgraffiti ; =>PUP.AppGraffiti
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster ; =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27531758-adware-webadsystem  ; =>Adware.WebAdSystem
~ MSI: 13 link(s) detected in 01mn 28s



~ 2256 Legitimates filtered by white list
End of the scan (515 lines in 02mn 47s)(0)

Pouvez vous m'aider?
Merci beaucoup.
A voir également:

5 réponses

Réponse 1 / 5
Malekal_morte- Messages postés 184347 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 689
 
Salut,

Tu as des adwares sur ton PC.
Passe ces deux programmes dans l'ordre.
Lis bien les instructions, clics sur les liens et lis bien aussi.
Prends ton temps.

Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
!!! Malwarebyte doit être à jour avant de faire le scan !!!
Coche tout en faisant un clic droit / cocher tout
puis bouton supprimer sélection pour tout supprimer.

puis :

Télécharge https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner ( d'Xplode ) sur ton bureau.
Sur la page d'AdwCleaner, à droite, clic sur la disquette grise avec la flèche verte pour lancer le téléchargement.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

0
Réponse 2 / 5
alonzo
 
Bonjour Malekal_Morte;

Merci pour ta réponse.
En fait, mon ZHP a été fait après Awcleaner et après MBAM. Cependant, j'ai supprimé ces rapports. Souhaites tu que je les repasse?

Merci beaucoup :-)
0
Réponse 3 / 5
Malekal_morte- Messages postés 184347 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 689
 
au moins AdwCleaner pour voir la version :)
0
Réponse 4 / 5
alonzo
 
OK pas de problème !

Voici:
# AdwCleaner v3.006 - Rapport créé le 03/10/2013 à 12:16:31
# Mis à jour le 01/10/2013 par Xplode
# Système d'exploitation : Windows Vista Home Premium Edition Service Pack 2 ( 64bits )
# Nom d'utilisateur : hp
# Exécuté depuis : C:\Users\hp\Downloads\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (fr)

[ Fichier : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\kcd7tr63.default\prefs.js ]


-\\ Google Chrome v

[ Fichier : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************



++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
Malekal_morte- Messages postés 184347 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 689
 
Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup https://www.google.fr/?gws_rd=ssl /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Clique sur le bouton Analyse.

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE


0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Méssage Firefox ''Couldn't load XPCOM''
pistouri -
pistouri -

0 réponse
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses