Boxore ad on Firefox

Closed
alonzo - 2 Oct 2013 at 20:47
Malekal_morte - Posts: 180242, Registered: Wednesday 17 May 2006, Status: Moderator, Security contributor, Last activity: 15 December 2020 - 3 Oct 2013 at 12:27
Hello,

I get an ad when I run Google searches in Firefox.
AdwCleaner did not solve my problem.

Here is my ZHP scan:

~ Rapport de ZHPDiag v2013.10.1.2 - Nicolas Coolman (01/10/2013)
~ Lancé par hp (02/10/2013 09:21:37)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v3.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 485 GB (83%) free of 583 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-HP
~ User Name: hp
~ All Users Names: hp, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\hp\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\hp\AppData\Roaming\
~ %Desktop% : C:\Users\hp\Desktop\
~ %Favorites% : C:\Users\hp\Favorites\
~ %LocalAppData% : C:\Users\hp\AppData\Local\
~ %StartMenu% : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 485 Go of 583 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.E959CB9D1B32386D48683969EFAA8C7D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.03/08/2013 - 05:31:10.) -- C:\Windows\System32\wininet.dll [1032192]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/38
~ Mes musiques (My Musics) : 1/37
~ Mes Videos (My Videos) : 1/33
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/25
~ Mon Bureau (My Desktop) : 1/167
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.22D2E3728D473FED0B2C8B73C2207B88] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [PID.2084]
[MD5.3C4B9C6E0EB1BCB22992B9DDD16AAA67] - (.Hewlett-Packard - HP TouchSmart Calendar & Notes.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe [26416] [PID.3416]
[MD5.9F37F219528DD026DCB195F653469DF0] - (.Analog Devices, Inc. - SoundMAX Audio Settings (32-bit).) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3842048] [PID.2576]
[MD5.4D4577D203A7408A1F6A2C21F2C069FE] - (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe [3658032] [PID.1832]
[MD5.7D63A536952AF62EE677BB5875A881B8] - (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe [464384] [PID.2256]
[MD5.397D8E3E9B170B04FFB4D1C60DE44A24] - (...) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe [208896] [PID.4064]
[MD5.77F32D4D20DBE3CD74969FF8A1CB8DB2] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.3960]
[MD5.1A8D16E71C8A080510FE0B84B934234C] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200] [PID.3872]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3324]
[MD5.EB69002A84B7DE25578BB2F3E6EF203A] - (.Hewlett-Packard - OSD MFC Application.) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe [2199552] [PID.2708]
[MD5.F50EC37C6396A2FA0D2283734D5D4BFF] - (...) -- C:\Windows\SysWOW64\OSDFORM.exe [102400] [PID.3316]
[MD5.B021D9A009D449AF61422161E51CE98F] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe [304128] [PID.4676]
[MD5.4B8D74EEED201335C5B9404E1BAD10C1] - (.CyberLink Corp. - HP TouchSmart Music Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe [324904] [PID.2204]
[MD5.EC5768B729221C807D7080665039C97C] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1140008] [PID.2368]
[MD5.16048FC365CDAF3F7C2D3FD79E4467C5] - (.Hewlett-Packard - HP TouchSmart Notes.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe [7451440] [PID.4008]
[MD5.88AE8105F9D14E952628E5BDA04CB79B] - (.CyberLink Corp. - HP TouchSmart Photo Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe [324904] [PID.3936]
[MD5.48B1D11198390DFB021FAE6E009AA5D7] - (.Hewlett-Packard - HP TouchSmart Calendar.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe [3448112] [PID.5096]
[MD5.F04DE959DBA808680668616683D64B53] - (.Hewlett-Packard - Clock.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe [368432] [PID.1136]
[MD5.A035A7BF5132682F53F1E7B955690CE7] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734] [PID.2928]
[MD5.C35C60F188D9A4D8C1728994288A7F27] - (.Hewlett-Packard - Messages.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe [80176] [PID.5208]
[MD5.6AA6BCA587AD4AB944A8EB3C8691EB63] - (.Hewlett-Packard - Controls.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe [80176] [PID.5264]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.4392]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.4900]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.5296]
[MD5.18F20138A715E0677A24A0986BC9AEA2] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.6060]
[MD5.037BA4C6B4A569B23FD2BCC5152E5CF6] - (.Hewlett-Packard - HP.CPC.TS.) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe [65536] [PID.3568]
[MD5.C0ADE9E803D678DDA85ECA7CF8ACF1AF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8033792] [PID.4804]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2760]
[MD5.64527A9EA9D4E8956FFD2B4AFA4C9131] - (.Hewlett-Packard - HP TouchSmart Calendar.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [21296] [PID.2956]
[MD5.6D45DCE299CC7B52CDDF2A6DC26C7BBC] - (.Hewlett-Packard - HP.CPC.TS.S.) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.exe [100864] [PID.2200]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.2544]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [akdojefgphalhhkagafpcoakgboeokdl] Tiger Savings v.1.23.72, (Activé) =>PUP.SpecialSavings
G2 - GCE: Preference [User Data\Default] [gfhdkohbepelnfckgjinfddmecpngnpb] Lyric Star v.1.111 (Activé) =>Adware.AddLyrics
~ Google Browser: 13 Legitimates Filtered in 00mn 14s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\soc39s8n.default\prefs.js
M3 - MFPP: Plugins - [hp] -- C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\soc39s8n.default\searchplugins\bingp.xml
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Aide et support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: HP TouchSmart.lnk . (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Ulead Photo Explorer 8.0 SE Basic.lnk . (.Ulead Systems, Inc. - Ulead Photo Explorer.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\pex.exe
O4 - GS\Program [Public]: HP MediaSmart DVD.lnk . (.CyberLink Corp. - HP DVDSmart Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Optimize for Mouse.lnk . (.Hewlett-Packard Development Company, L.P. - HPTouchTweaks.) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Optimizer\HPTouchTweaks.exe
O4 - GS\Program [Public]: Optimize for Touch.lnk . (.Hewlett-Packard Development Company, L.P. - HPTouchTweaks.) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Optimizer\HPTouchTweaks.exe
O4 - GS\Program [Public]: Windows Journal.lnk . (...) -- C:\Program Files (x86)\Windows Journal\Journal.exe (.not file.)
O4 - GS\QuickLaunch [hp]: Ulead Photo Explorer 8.0 SE Basic.lnk . (.Ulead Systems, Inc. - Ulead Photo Explorer.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\pex.exe
O4 - GS\Desktop [hp]: Mes numérisations.lnk . (...) -- C:\Users\hp\Documents\Mes numérisations
O4 - GS\Desktop [hp]: photos mariage - Raccourci.lnk . (...) -- C:\Users\hp\Desktop\photos mariage
O4 - GS\Desktop [hp]: Scanner et appareils photo - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [hp]: Solitaire.lnk . (...) -- C:\Program Files (x86)\Microsoft Games\Solitaire\Solitaire.exe (.not file.)
O4 - GS\Desktop [hp]: Son - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [hp]: YouCam(Webcam).lnk . (.CyberLink Corp. - CyberLink YouCam.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
~ Global Startup: 87 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [SoundMAX] . (.Analog Devices, Inc. - SoundMAX Audio Settings (32-bit).) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPSmartCenterBoot] . (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r42.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
O4 - HKLM\..\Wow6432Node\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Wow6432Node\Run: [HP KEYBOARD] . (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe
O4 - HKLM\..\Wow6432Node\Run: [Buttons & OSDs control application gen2] . (...) -- C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [DVDAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_51] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_30] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\Windows\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\Run: [HPSmartCenterBoot] . (.Hewlett-Packard - SmartCenter.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKUS\S-1-5-21-2134054756-2960757253-1771692848-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r42.) -- C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F842EF7F-F35F-44F2-8CB2-D078D80CD330}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F842EF7F-F35F-44F2-8CB2-D078D80CD330}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\img22.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{7CB075E3-DC10-4F49-B6D5-47C4B22C8E46}] (...) -- E:\Install.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Buttons & OSDs control application gen2 - (...) [HKLM][64Bits] -- {5A627DFB-EA4C-4FFA-B711-69E849FB40D8}
~ Logic: 137 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\yahooinstall]
~ Key Software: 204 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/08/2013 - 21:48:34 - [0] ----D C:\Program Files (x86)\majtuto4pc_fr_a2 =>PUP.Eorezo
O43 - CFD: 11/09/2011 - 19:14:39 - [0,004] ----D C:\ProgramData\273E0
O43 - CFD: 22/05/2013 - 22:03:35 - [0] ----D C:\ProgramData\?
O43 - CFD: 21/09/2011 - 19:26:32 - [0] ----D C:\Users\hp\AppData\Local\PowerChallenge
O43 - CFD: 25/06/2013 - 23:06:07 - [0] ----D C:\Users\hp\AppData\Local\Updater12767 =>PUP.CrossRider
~ 1122 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1407 Legitimates Filtered in 00mn 19s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.926F83787E8275098FA5A2B544016C1F] - 02/10/2013 - 08:21:42 ---A- . (...) -- C:\Windows\SysNative\spsys.log [11560]
O44 - LFC:[MD5.926F83787E8275098FA5A2B544016C1F] - 02/10/2013 - 08:21:42 ---A- . (...) -- C:\Windows\System32\spsys.log [11560]
O44 - LFC:[MD5.9C35AFD4A524723CC1B1A005C161DA0E] - 23/09/2013 - 14:12:40 ---A- . (...) -- C:\Windows\ntbtlog.txt [162912]
~ Files: 19 Legitimates Filtered in 00mn 02s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SiteRanker [Key] . (...) -- C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.A45E9103A83A88F9231F6E7EC7E01DE5] - 03/04/2008 - 16:30:44 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [499200]
O58 - SDL:[MD5.B573984F1AE1A0C6C158B73A30285A2D] - 26/04/2005 - 17:42:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MPIXVID.SYS [104593]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A47B01BE-9929-4A39-B0B0-2EBEA084E86E} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {A6D6E1CE-B81F-4691-8A61-C91AA3BED4B9} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.17D5010B8D4651A779CA8F026D964AF8] [SPRF][04/07/2013] (...) -- C:\ProgramData\nvModes.dat [42274]
[MD5.659CFA189053DE3531DBFD7746CAF9FF] [SPRF][21/09/2013] (...) -- C:\Users\hp\AppData\Local\d3d9caps.dat [680]
[MD5.CFB072CE8C7F5444A8A0DFA1665AB44F] [SPRF][23/12/2010] (...) -- C:\Users\hp\AppData\Local\fusioncache.dat [90]
[MD5.8108782EBC0385F3E1482B65AAB8FAD4] [SPRF][20/09/2011] (.ALWIL Software - avast! v5 upgrade support library.) -- C:\Users\hp\AppData\Local\Temp\aswV5Hlp.dll [5120]
[MD5.5980FAECF83024065D003A9E5F6FAF8F] [SPRF][23/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\defaultCache.reg [1008052]
[MD5.31D1A69DCF8733C7F0C0BEC3ECB20D79] [SPRF][24/04/2013] (.Pas de propriétaire - Lyric Star.) -- C:\Users\hp\AppData\Local\Temp\happyl.exe [285552] =>Adware.AddLyrics
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][23/04/2013] (...) -- C:\Users\hp\AppData\Local\Temp\installerp.exe [0]
[MD5.ED3C62E0A7ADD3A95AC6074581856CE4] [SPRF][22/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\itinstallerp.exe [1758528]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\hp\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.8DE9D8FDA8DF6DD2E1B99A1F297FAA8A] [SPRF][17/07/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\hp\AppData\Local\Temp\tbSof2.dll [5134624] =>Toolbar.Conduit
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][04/03/2013] (...) -- C:\Users\hp\AppData\Local\Temp\TB_AE.exe [0]
[MD5.F3A10836603E03A28CAF404B29328F92] [SPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\hp\AppData\Local\Temp\uninst1.exe [394320] =>Toolbar.Babylon
[MD5.621DF5183023F9B926FA6EF07DE3BE00] [SPRF][22/09/2013] (...) -- C:\Users\hp\AppData\Roaming\wklnhst.dat [4048]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{B8996006-37F2-454A-A77E-87C13949D337}C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe (.not file.)
O87 - FAEL: "UDP Query User{8A16A6B5-DC5E-4E8E-B64A-27E79FA1FA14}C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\hp\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe (.not file.)
O87 - FAEL: "{CC14B9F8-A966-4E06-A514-0853FBF4FE17}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
~ Firewall: 191 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore
~ Update Products: 112 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.6FA9BD53FB61CE9C2E6643EC166A63D8] [WIS][27/08/2010] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\17d181e.msi [121344]
[MD5.3E7F633C2A40964A4CB96E8410B9B172] [WIS][27/08/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\17d1847.msi [648192]
[MD5.83C1E460B1CE7FDE3E9CDFD430F5E952] [WIS][27/08/2010] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\17d1867.msi [121344]
[MD5.C62161DB088D8AFDCEB747A0291F8051] [WIS][27/08/2010] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\17d1877.msi [121344]
[MD5.E94265E23E11BF800112AB10EBF8F722] [WIS][23/03/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\23cf1c.msi [24576] =>Adware.Boxore
[MD5.2FE2C12824D4A3813BA1AD8E5888B160] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\641e71.msi [474624] =>Adware.Boxore
[MD5.DD19AFD4E98B0385DA24196C0B59B46A] [WIS][01/08/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\811d7.msi [1615360]
~ WIS: 115 Legitimates Filtered in 00mn 05s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/10/2007 89600 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 01/04/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 14/05/2008 796712 | (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 08/07/2008 21296 | (CalendarSynchService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
SS - | Demand 29/03/2008 165416 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
SS - | Auto 25/03/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/03/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 02/06/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 10/07/2008 100864 | (HP Touch Screen Enhance) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.exe
SR - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 17/12/2009 243056 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SS - | Demand 23/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/06/2008 51200 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/03/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/05/2008 32240 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.Cyberlink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services: Scanned in 00mn 08s



---\\ Scan Additionnel (O88)
Database Version : 12932 - (01/10/2013)
Clés trouvées (Keys found) : 21
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 12

[HKLM\Software\Google\Chrome\Extensions\akdojefgphalhhkagafpcoakgboeokdl] =>PUP.SpecialSavings^
[HKLM\Software\Google\Chrome\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb] =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\AppGraffiti] =>PUP.AppGraffiti
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Inbox Toolbar] =>Adware.WebAdSystem
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Tuto4pc] =>PUP.Eorezo
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\LyricStar] =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272267}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_51 =>PUP.Eorezo^
C:\Program Files (x86)\majtuto4pc_fr_a2 =>PUP.Eorezo^
C:\Users\hp\AppData\Local\Updater12767 =>PUP.CrossRider^
C:\Users\hp\AppData\Local\Software =>Adware.Boxore
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdojefgphalhhkagafpcoakgboeokdl =>PUP.SpecialSavings^
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhdkohbepelnfckgjinfddmecpngnpb =>Adware.AddLyrics^
C:\Users\hp\AppData\Local\Temp\happyl.exe =>Adware.AddLyrics^
C:\Users\hp\AppData\Local\Temp\tbSof2.dll =>Toolbar.Conduit^
C:\Users\hp\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico =>Toolbar.Bing^
C:\Windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore^
C:\Windows\Installer\23cf1c.msi =>Adware.Boxore^
C:\Windows\Installer\641e71.msi =>Adware.Boxore^
C:\Users\hp\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
~ Additionnel Scan: 406752 Items scanned in 01mn 28s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings ; =>PUP.SpecialSavings
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics ; =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo ; =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider ; =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch ; =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit ; =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon ; =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing ; =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore ; =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad ; =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/26611535-pup-appgraffiti ; =>PUP.AppGraffiti
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster ; =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27531758-adware-webadsystem ; =>Adware.WebAdSystem
~ MSI: 13 link(s) detected in 01mn 28s



~ 2256 Legitimates filtered by white list
End of the scan (515 lines in 02mn 47s)(0)

Can you help me?
Thank you very much.

5 replies

Malekal_morte - Posts: 180242 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 587
2 Oct 2013 at 20:48
Hi,

You have adware on your PC.
Run these two programs in order.
Read the instructions carefully, click on the links and read those carefully too.
Take your time.

Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, delete everything and post the report here.
!!! Malwarebytes must be up to date before running the scan !!!
Tick everything by right-clicking / check all,
then use the remove selection button to delete everything.

then:

Download AdwCleaner (by Xplode) to your desktop: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
On the AdwCleaner page, on the right, click the grey floppy disk with the green arrow to start the download.
Launch AdwCleaner and click [Scanner] (Scan).
The scan can take several minutes; be patient.
Once the scan is finished, click [Nettoyer] (Clean).

Once the cleaning is finished, a report will open. Copy and paste the content of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt

0
Hello Malekal_Morte,

Thanks for your reply.
Actually, my ZHP scan was done after AdwCleaner and after MBAM. However, I deleted those reports. Would you like me to run them again?

Thank you very much :-)
0
Malekal_morte - Posts: 180242 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 587
3 Oct 2013 at 08:39
At least AdwCleaner, to see the version :)
0
OK, no problem!

Here it is:
# AdwCleaner v3.006 - Rapport créé le 03/10/2013 à 12:16:31
# Mis à jour le 01/10/2013 par Xplode
# Système d'exploitation : Windows Vista Home Premium Edition Service Pack 2 ( 64bits )
# Nom d'utilisateur : hp
# Exécuté depuis : C:\Users\hp\Downloads\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (fr)

[ Fichier : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\kcd7tr63.default\prefs.js ]


-\\ Google Chrome v

[ Fichier : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************



++
0

Malekal_morte - Posts: 180242 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 587
3 Oct 2013 at 12:27
Run an OTL scan to diagnose the running programs and detect infections. The program will generate two reports, OTL.txt and Extras.txt.
Provide both reports:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator)

In the case of Avast!, do not run the program in the Sandbox (see the help link above).

* Launch OTL
* At the top right of Quick Scan (Analyse rapide), tick "all users" (tous les utilisateurs)
* In OTL, under Personnalisation (custom scans), copy and paste the script below:



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Click the Analyse (scan) button.

* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present).
Give the pjjoint link or links that point to these reports here in a reply.
I repeat: give the pjjoint report link here in a reply.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK IN A NEW MESSAGE


0