ZHPDiag + help

Closed
alan3164 Posts: 5 Registered: Tuesday 22 October 2013 Status: Member Last seen: 25 October 2013 - 23 Oct 2013 at 18:21
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 - 23 Oct 2013 at 18:22
Hello,

I ran a ZHPDiag scan but I don't know how to interpret it.

Thanks for your help

~ Rapport de ZHPDiag v2013.10.21.57 - Nicolas Coolman (21/10/2013)
~ Lancé par jean-pierre (22/10/2013 18:53:42)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 23.0
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8TFF7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 17
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3939 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 828 GB (94%) free of 880 GB

---\\ Mode de connexion au système
~ Computer Name: JEAN-PIERRE-PC
~ User Name: jean-pierre
~ All Users Names: jean-pierre, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-pierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-pierre\AppData\Roaming\
~ %Desktop% : C:\Users\jean-pierre\Desktop\
~ %Favorites% : C:\Users\jean-pierre\Favorites\
~ %LocalAppData% : C:\Users\jean-pierre\AppData\Local\
~ %StartMenu% : C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 828 Go of 880 Go)
D: Hard drive, Flash drive, Thumb drive (Free 25 Go of 50 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1968
~ Mes musiques (My Musics) : 1/49
~ Mes Videos (My Videos) : 1/90
~ Mes Favoris (My Favorites) : 1/133
~ Mes Documents (My Documents) : 2/2315
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.4F9236BE13917B89F7A03DEA85F220FA] - (.Pas de propriétaire - WebPlayer.) -- C:\Users\jean-pierre\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752] [PID.2548] =>Adware.SocialSkinz
[MD5.A6E68809BD3B6D0CE8F8782CC1626F12] - (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe [1011792] [PID.5084] =>Hijacker.22Find
[MD5.30312A75BE27ED57AC1F7D657108F016] - (...) -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3173856] [PID.740] =>PUP.BitGuard
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.1836]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.1716]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1444]
[MD5.C9FB758B994B96E8858D6F7D1F96142D] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680] [PID.2964] =>Toolbar.Ask
[MD5.D6B7DDB68436F13C3CAE2B92524F1FEC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.6148]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.6908]
[MD5.BB4F6465EEB9ACAA5C60C36983740219] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [310352] [PID.5144] =>Toolbar.Google
[MD5.82E2FA029973DF797E3609021FDFDC0B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8116224] [PID.6036]
[MD5.D0A07092B61451556297EB9FE5CD51BD] - (.Wsys Co., Ltd. - Wsys Control 13.3.2.2610.) -- C:\ProgramData\eSafe\eGdpSvc.exe [305784] [PID.1456] =>PUP.eSafeSecurity
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1640]
[MD5.BEF294FFE5F40BE768BDCBE1837DFABE] - (.APN LLC. - APN Updater.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.996]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2392]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2624]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2828]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2204]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3612]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.4412]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.5336]
[MD5.1584DEEAE5AA0E3FB045F3D0EAC585EA] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.5852]
[MD5.FC43877B4625F6EB773C98233EB625C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.5968]
[MD5.B1EC2CAA074A857BF98CA990E576BC2D] - (.Whilokii - Whilokii.) -- C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304] [PID.6700] =>PUP.Whilokii
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.searchgol.com/ =>Hijacker.SearchGol
~ Google Browser: 2 Legitimates Filtered in 00mn 34s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\prefs.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Toolbar.DeltaSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://isearch.nation.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://isearch.nation.com/
R3 - URLSearchHook: SearchHook Class [64Bits] - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.APN LLC. - Search Hook.) (21.4.0.1982) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Whilokii [64Bits] - {204df522-9a96-4a72-abb0-60f7a216d6d2} . (.Whilokii - Whilokii.) -- C:\Program Files (x86)\Whilokii\Whilokiibho.dll =>PUP.Whilokii
O2 - BHO: Zula Games [64Bits] - {A9337080-7CBF-4E3E-80C1-3867BEDD88E0} . (.ZulaGames.com - ScriptHost.) -- C:\Program Files (x86)\Zula Games\ScriptHost.dll =>Adware.InstallBrain
O2 - BHO: BonanzaDeals [64Bits] - {fe063412-bea4-4d76-8ed3-183be6220d17} . (.BonanzaDeals - BonanzaDeals for IE.) -- C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll =>Adware.BonanzaDeals
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Clé orpheline
O2 - BHO: Ask Toolbar [64Bits] - {4F524A2D-5637-006A-76A7-7A786E7484D7} . (...) -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" (.not file.) =>Toolbar.Ask
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: (no name) [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: Ask Toolbar [64Bits] - [HKLM]{4F524A2D-5637-006A-76A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{4F524A2D-5637-006A-76A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Obtenir une assistance logicielle complète de Lexmark.LNK - Clé orpheline
O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner
O4 - GS\Program [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\Program [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\Program [Public]: Home Cinema.lnk . (.CyberLink Corp. - CyberLink PowerStarter Main Program.) -- C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\QuickLaunch [jean-pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\TaskBar [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\TaskBar [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\Program [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\Program [jean-pierre]: Webplayer.lnk . (...) -- C:\Users\jean-pierre\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe
O4 - GS\SystemTools [jean-pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Toolbar.DeltaSearch
O4 - GS\SendTo [jean-pierre]: Desk 365.lnk . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =>Hijacker.22Find
O4 - GS\Desktop [jean-pierre]: Boot (C) - Raccourci.lnk . (...) -- C:\
O4 - GS\Desktop [jean-pierre]: Lecteur de CD - Raccourci.lnk . (...) -- E:\
O4 - GS\Desktop [jean-pierre]: Nettoyez votre registre gratuitement!.lnk - Clé orpheline
O4 - GS\Desktop [jean-pierre]: Ordinateur - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [jean-pierre]: Recover (D) - Raccourci.lnk . (...) -- D:\
~ Global Startup: 77 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jean-pierre]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\RunOnce: [MedionReminder] . (.CyberLink - PowerRecover.) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [FLV Player] . (.Pas de propriétaire - WebPlayer.) -- C:\Users\jean-pierre\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe =>Adware.SocialSkinz
O4 - HKCU\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =>Hijacker.22Find
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\RunOnce: [Del14424429] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\RunOnce: [Del14424445] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [FLV Player] . (.Pas de propriétaire - WebPlayer.) -- C:\Users\jean-pierre\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe =>Adware.SocialSkinz
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =>Hijacker.22Find
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\RunOnce: [Del14424429] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: eBay.fr [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Program Files\Internet Explorer\Custom\eBay.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
O23 - Service: Service BonanzaDealsLive (bonanzadealsli (bonanzadealslive) . (.BonanzaDeals - BonanzaDealsLive Update.) - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe =>Adware.BonanzaDeals
O23 - Service: Update Whilokii (Update Whilokii) . (.Whilokii - Whilokii.) - C:\Program Files (x86)\Whilokii\updateWhilokii.exe =>PUP.Whilokii
O23 - Service: Wsys Service (WsysSvc) . (.Wsys Co., Ltd. - Wsys Control 13.3.2.2610.) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
~ Services: 17 Legitimates Filtered in 01mn 28s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [932] =>Adware.BonanzaDeals
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [936] =>Adware.BonanzaDeals
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Dealply.job [308] =>PUP.DealPly
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Pricora-chromeinstaller.job [1884] =>Adware.Pricora
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Pricora-codedownloader.job [1186] =>Adware.Pricora
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Pricora-enabler.job [1086] =>Adware.Pricora
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [288] =>Rogue.RegistryPowerCleaner
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [296] =>Rogue.RegistryPowerCleaner
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\UpdaterEX.job [310] =>Hijacker.iHaveNet
[MD5.00000000000000000000000000000000] [APT] [4767] (...) -- C:\Users\jean-pierre\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.8FAACF0D634C999758A010F6D06D04BF] [APT] [Advanced System Protector] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [610544] =>PUP.AdvancedSystemProtector
[MD5.9F2041F1EC121713D0BD9996CE97D03E] [APT] [BonanzaDealsLiveUpdateTaskMachineCore] (.BonanzaDeals.) -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976] =>Adware.BonanzaDeals
[MD5.9F2041F1EC121713D0BD9996CE97D03E] [APT] [BonanzaDealsLiveUpdateTaskMachineUA] (.BonanzaDeals.) -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976] =>Adware.BonanzaDeals
[MD5.5826462E5834594A81E0397A097B5D3E] [APT] [BonanzaDealsUpdate] (.BonanzaDealsUpdate.) -- C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe [78384] =>Adware.BonanzaDeals
[MD5.311BCE25242D9D00CBD7BB9D8B6E1315] [APT] [DealPly] (...) -- C:\Users\jean-pierre\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe [102968] =>PUP.DealPly
[MD5.A6E68809BD3B6D0CE8F8782CC1626F12] [APT] [Desk 365 RunAsStdUser] (.337 Technology Limited..) -- C:\Program Files (x86)\Desk 365\desk365.exe [1011792] =>Hijacker.22Find
[MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\jean-pierre\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution
[MD5.8AC07485A7473392EEA6489F31747AE8] [APT] [LaunchApp] (.MyPCBackup.com.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [1953320] =>PUP.MyPCBackup
[MD5.59BE5C8AD4758A4405E13BCE1D3BE665] [APT] [Pricora-chromeinstaller] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-chromeinstaller.exe [460800] =>Adware.Pricora
[MD5.DAA7EAAEEB67125192A16FCCE7EEDD9D] [APT] [Pricora-codedownloader] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe [476672] =>Adware.Pricora
[MD5.1696645FDB0519682C3D79DACA321A71] [APT] [Pricora-enabler] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-enabler.exe [342528] =>Adware.Pricora
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7871832] =>Rogue.RegistryPowerCleaner
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7871832] =>Rogue.RegistryPowerCleaner
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7871832] =>Rogue.RegistryPowerCleaner
[MD5.8272D32ACE355E4D4E85CB78530AE962] [APT] [UpdaterEX] (...) -- C:\Users\jean-pierre\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496] =>PUP.Dealply
~ Scheduled Task: 59 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: AppsHat Mobile Apps - (.Somoto Ltd..) [HKCU][64Bits] -- AppsHat Mobile Apps =>Adware.MegaSearch
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-006A-76A7-A758B70C0600} =>Toolbar.Ask
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: Bonanza Deals (remove only) - (.Bonanza Deals.) [HKLM][64Bits] -- Bonanza Deals =>Adware.BonanzaDeals
O42 - Logiciel: Desk 365 - (.337 Technology Limited..) [HKLM][64Bits] -- Desk 365 =>Hijacker.22Find
O42 - Logiciel: Extended Update - (...) [HKCU][64Bits] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Movies Toolbar for Firefox (Dist. by Somoto Ltd.) - (.APN LLC.) [HKLM][64Bits] -- somotomoviestoolbar1FF =>Adware.Bandoo
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: Pricora - (.Corporate Inc.) [HKLM][64Bits] -- Pricora =>Adware.Pricora
O42 - Logiciel: Qtrax Music Downloader Packages - (...) [HKCU][64Bits] -- Qtrax Music Downloader Packages
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: SweetIM Bundle by SweetPacks - (.SweetPacks LTD.) [HKLM][64Bits] -- SweetIM Bundle by SweetPacks =>PUP.SweetIM
O42 - Logiciel: SweetPacks Updater Service - (...) [HKLM][64Bits] -- WNLT =>Adware.IncrediBar
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {9937E55B-6331-4804-93EF-77E992F204BD} =>Adware.SocialSkinz
O42 - Logiciel: Whilokii 1.0.0 - (.Whilokii.) [HKLM][64Bits] -- Whilokii =>PUP.Whilokii
O42 - Logiciel: Zula Games - (.ZulaGames.com.) [HKLM][64Bits] -- Zula Games =>Adware.InstallBrain
~ Logic: 130 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\596da8ab76fbf41]
[HKCU\Software\APN DTX]
[HKCU\Software\Alexa Internet]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\BonanzaDeals] =>Adware.BonanzaDeals
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\Delta]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\V9]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\Whilokii] =>PUP.Whilokii
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\596da8ab76fbf41]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BearShareSRTB] =>PUP.BearShare
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\BonanzaDeals] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\MDNF]
[HKLM\Software\Wow6432Node\Minibar]
[HKLM\Software\Wow6432Node\SafetyNut]
[HKLM\Software\Wow6432Node\Services x86] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Whilokii] =>PUP.Whilokii
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
~ Key Software: 255 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/10/2013 - 16:57:27 - [9,430] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 22/10/2013 - 18:48:15 - [1,165] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 22/10/2013 - 18:48:29 - [3,750] ----D C:\Program Files (x86)\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 15/07/2013 - 18:10:25 - [0,851] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 15/07/2013 - 18:57:10 - [0] ----D C:\Program Files (x86)\DealPlyLive =>PUP.DealPly
O43 - CFD: 28/09/2013 - 11:21:40 - [10,389] ----D C:\Program Files (x86)\Desk 365 =>Hijacker.22Find
O43 - CFD: 05/02/2013 - 16:15:17 - [0,293] ----D C:\Program Files (x86)\File Scout =>PUP.FileScout
O43 - CFD: 01/03/2013 - 20:56:22 - [1,053] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 25/09/2013 - 20:17:12 - [0,384] ----D C:\Program Files (x86)\Minibar
O43 - CFD: 22/10/2013 - 18:49:49 - [34,810] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 19/10/2013 - 11:31:13 - [5,464] ----D C:\Program Files (x86)\Pricora =>Adware.Pricora
O43 - CFD: 22/10/2013 - 18:48:26 - [14,401] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 08/10/2013 - 20:52:11 - [0,615] ----D C:\Program Files (x86)\Savings Wave =>PUP.CrossRider
O43 - CFD: 15/07/2013 - 17:45:11 - [0,359] ----D C:\Program Files (x86)\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 28/09/2013 - 11:49:10 - [26,521] ----D C:\Program Files (x86)\Video Performer
O43 - CFD: 22/10/2013 - 18:48:25 - [0,753] ----D C:\Program Files (x86)\Whilokii =>PUP.Whilokii
O43 - CFD: 01/03/2013 - 18:42:17 - [0,191] ----D C:\Program Files (x86)\Yontoo =>Adware.Yontoo
O43 - CFD: 28/09/2013 - 11:48:52 - [2,355] ----D C:\Program Files (x86)\Zula Games =>Adware.InstallBrain
O43 - CFD: 15/06/2013 - 14:16:33 - [33,331] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 07/10/2013 - 16:08:45 - [0] ----D C:\ProgramData\APN
O43 - CFD: 20/10/2013 - 16:57:27 - [0,533] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 04/02/2013 - 18:31:02 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 01/10/2013 - 15:57:49 - [16,798] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 22/10/2013 - 18:48:29 - [0,040] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 23/10/2012 - 17:37:33 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 18/07/2013 - 15:45:43 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 15/07/2013 - 17:52:14 - [0,059] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly
O43 - CFD: 29/09/2013 - 10:03:41 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 22/10/2013 - 14:56:33 - [1,098] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 28/09/2013 - 11:48:09 - [0,004] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 08/06/2012 - 18:38:08 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 01/03/2013 - 18:42:25 - [0,281] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 03/12/2012 - 18:55:34 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 15/06/2013 - 13:50:48 - [1,063] ----D C:\Users\jean-pierre\AppData\Roaming\0F0C1V0F1L1I1P0E2V2Z1C1T1R2Z1F1C
O43 - CFD: 22/10/2013 - 18:48:35 - [0] ----D C:\Users\jean-pierre\AppData\Roaming\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 28/09/2013 - 11:48:38 - [1,265] ----D C:\Users\jean-pierre\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 04/02/2013 - 18:31:02 - [0,035] ----D C:\Users\jean-pierre\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 15/06/2013 - 14:16:39 - [0,098] ----D C:\Users\jean-pierre\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 13/08/2013 - 16:13:50 - [31,147] ----D C:\Users\jean-pierre\AppData\Roaming\Desk 365 =>Hijacker.22Find
O43 - CFD: 15/06/2013 - 14:14:48 - [5,183] ----D C:\Users\jean-pierre\AppData\Roaming\eIntaller
O43 - CFD: 03/03/2013 - 10:42:25 - [0,308] ----D C:\Users\jean-pierre\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 03/12/2012 - 18:45:32 - [26,555] ----D C:\Users\jean-pierre\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 05/02/2013 - 16:15:32 - [0,023] ----D C:\Users\jean-pierre\AppData\Roaming\SpecialSavings =>PUP.SpecialSavings
O43 - CFD: 29/09/2013 - 10:03:43 - [0,081] ----D C:\Users\jean-pierre\AppData\Roaming\SpeedAnalysis2 =>PUP.SpeedAnalysis
O43 - CFD: 22/10/2013 - 18:50:22 - [0,102] ----D C:\Users\jean-pierre\AppData\Roaming\UpdaterEX =>PUP.Dealply
O43 - CFD: 25/09/2013 - 20:17:16 - [0,078] ----D C:\Users\jean-pierre\AppData\Local\AppsHat Mobile Apps =>Adware.MegaSearch
O43 - CFD: 22/10/2013 - 18:48:29 - [0] ----D C:\Users\jean-pierre\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 15/07/2013 - 17:52:15 - [0] ----D C:\Users\jean-pierre\AppData\Local\DealPlyLive =>PUP.DealPly
O43 - CFD: 25/09/2013 - 20:17:13 - [0,941] ----D C:\Users\jean-pierre\AppData\Local\Minibar
O43 - CFD: 25/06/2013 - 14:24:33 - [0] ----D C:\Users\jean-pierre\AppData\Local\Updater12765 =>PUP.CrossRider
O43 - CFD: 25/09/2013 - 20:17:15 - [0,004] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>Adware.MegaSearch
O43 - CFD: 01/10/2013 - 15:57:53 - [0,001] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 22/10/2013 - 18:48:15 - [0,001] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 22/10/2013 - 18:49:49 - [0,002] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 28/09/2013 - 11:49:10 - [0,002] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
O43 - CFD: 30/11/2011 - 22:43:55 - [0,001] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
~ 354 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 601 Legitimates Filtered in 00mn 14s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.A34415C324483C459F4D44CEAB52B252] - 21/10/2013 - 21:55:58 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-9B5072C7.pf =>PUP.BitGuard
O45 - LFCP:[MD5.1B00DF1CB2F51BE457F5A00D3CC8C1A8] - 22/10/2013 - 13:53:21 ---A- - C:\Windows\Prefetch\PRICORA-ENABLER.EXE-E7B6DCD7.pf =>Adware.Pricora
O45 - LFCP:[MD5.3E3DD46AB0C55B2470361CEBB52EE7EB] - 22/10/2013 - 14:00:38 ---A- - C:\Windows\Prefetch\OLICENSEHEARTBEAT.EXE-3846C330.pf
O45 - LFCP:[MD5.35B37B1AC2B00A941017851485755EDE] - 22/10/2013 - 17:47:08 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-8E13522B.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.B6A2CC158614354029DE71EC558DE4A8] - 22/10/2013 - 17:47:52 ---A- - C:\Windows\Prefetch\BACKGROUNDHOST64.EXE-54A544F6.pf
O45 - LFCP:[MD5.819E51EF8879A4E11358DB674E797693] - 22/10/2013 - 17:47:53 ---A- - C:\Windows\Prefetch\DOKOTB.EXE-1F907999.pf
O45 - LFCP:[MD5.8064F58F4AD242FE272EFBC96EB1F066] - 22/10/2013 - 17:47:53 ---A- - C:\Windows\Prefetch\WHILOKII_IS.EXE-88E7D85B.pf =>PUP.Whilokii
O45 - LFCP:[MD5.ECC7FA0EE3AA2DA1FB65D8AE1298E38E] - 22/10/2013 - 17:48:20 ---A- - C:\Windows\Prefetch\SQLITE3.EXE-66C8E782.pf
O45 - LFCP:[MD5.3181C8966307FDD2C2C3334714ACF3FE] - 22/10/2013 - 17:48:23 ---A- - C:\Windows\Prefetch\BD.EXE-635B71FA.pf
O45 - LFCP:[MD5.1DEC2CBAE6258A327527FAAAE35D5D14] - 22/10/2013 - 17:48:24 ---A- - C:\Windows\Prefetch\UNINST.EXE-E3739075.pf
O45 - LFCP:[MD5.3D52CF48B0F26A73BBB1019C7D4619DC] - 22/10/2013 - 17:48:28 ---A- - C:\Windows\Prefetch\RCPSETUP_ADPPI_ADPPI.EXE-E42EDFB7.pf
O45 - LFCP:[MD5.FABEDC58130370182D19D1EAAE8191AF] - 22/10/2013 - 17:48:28 ---A- - C:\Windows\Prefetch\RCPSETUP_ADPPI_ADPPI.TMP-243BDFB7.pf
O45 - LFCP:[MD5.E25B3EE030B94E154E79754D2A1A5D37] - 22/10/2013 - 17:48:34 ---A- - C:\Windows\Prefetch\UPDATEWHILOKII.EXE-DA3ED350.pf =>PUP.Whilokii
O45 - LFCP:[MD5.317D858510F552D91538F14CBC4C3BAD] - 22/10/2013 - 17:48:37 ---A- - C:\Windows\Prefetch\CLOUD_BACKUP_SETUP_INTL.EXE-67247175.pf
O45 - LFCP:[MD5.75C2C8944CD1742C0BCC86B3475572DC] - 22/10/2013 - 17:48:38 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-55F502D6.pf =>Adware.BonanzaDeals
O45 - LFCP:[MD5.C377771CDC75D54E8F9AC2A5BE53E306] - 22/10/2013 - 17:48:39 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-9DC927CB.pf =>Adware.BonanzaDeals
O45 - LFCP:[MD5.A6699E05BEC5D79291E3C2BD0DC437F7] - 22/10/2013 - 17:49:53 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.FCC6A0BEA3D9ADF01C24B3F101C7621D] - 22/10/2013 - 17:52:40 ---A- - C:\Windows\Prefetch\FIREFOX_SETUP [1].EXE-552E9772.pf
O45 - LFCP:[MD5.1EF7A306D54BDA9CE8D0DFEA09BDCD27] - 22/10/2013 - 17:53:00 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVEHANDLER.EXE-D4DB8421.pf =>Adware.BonanzaDeals
O45 - LFCP:[MD5.59224620910E6DF0B20B6E7BD728391A] - 22/10/2013 - 17:53:10 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-B181B230.pf =>Adware.BonanzaDeals
~ Prefetcher: 133 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Desk 365 [Key] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =>Hijacker.22Find
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/10/2013 - 18:56:29 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 20/10/2013 - 18:56:42 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Local State [44585]
O61 - LFC: 20/10/2013 - 18:56:53 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\AcroRd32_fcfb5f565deaea2a72249bc84ac6500c.ico [23118] =>Hijacker.22Find
O61 - LFC: 20/10/2013 - 18:56:53 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\chrome_cdd794085a56557576a651056d71e3fd.ico [55773] =>Hijacker.22Find
O61 - LFC: 20/10/2013 - 18:56:54 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\iexplore_296850674ad9ba612c74e8a3c2ff5efe.ico [82151] =>Hijacker.22Find
O61 - LFC: 20/10/2013 - 18:56:55 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\SkyDrive_0afae65cabda6a207632ce1bb56183c6.ico [37288] =>Hijacker.22Find
O61 - LFC: 20/10/2013 - 18:57:03 ---A- . (...) -- C:\Users\jean-pierre\Documents\Programme tv jp.ods [5142]
O61 - LFC: 20/10/2013 - 18:57:05 ---A- . (...) -- C:\Users\jean-pierre\Documents\TELETHON\TELETHON CIBOURE 2013.odt [6331]
O61 - LFC: 20/10/2013 - 18:57:05 ---A- . (...) -- C:\Users\jean-pierre\Documents\TELETHON\TELETHON CIBOURE.odt [6091]
O61 - LFC: 21/10/2013 - 18:56:42 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [1497]
O61 - LFC: 21/10/2013 - 18:56:52 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\BabSolution\Shared\chu.js [2] =>Hijacker.BabSolution
O61 - LFC: 22/10/2013 - 18:56:28 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\avgchrome\avgp [101708]
O61 - LFC: 22/10/2013 - 18:56:42 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_element.js.content [2381]
O61 - LFC: 22/10/2013 - 18:56:52 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\DealPly\UpdateProc\TTL.DAT [5] =>PUP.DealPly
O61 - LFC: 22/10/2013 - 18:56:53 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\desk_list.xml [72926] =>Hijacker.22Find
O61 - LFC: 22/10/2013 - 18:56:53 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\firefox_7f6c31235f2470042b7c737e39ba6023.ico [85989] =>Hijacker.22Find
O61 - LFC: 22/10/2013 - 18:56:54 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\ICReinstall_Firefox_Setup_65b2a605c70fc270d42ed753fbc8094f.ico [20350] =>Hijacker.22Find
O61 - LFC: 22/10/2013 - 18:56:55 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Desk 365\icons\RegCleanPro_98790a3b17cb689fb4e09f1856ed1029.ico [26694] =>Hijacker.22Find
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat [51966] =>Rogue.RegistryPowerCleaner
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp [196412] =>Rogue.RegistryPowerCleaner
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\Log.txt [22621] =>.Nicolas Coolman
O61 - LFC: 22/10/2013 - 18:57:01 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\TestsZHPDiag.txt [3042] =>.Nicolas Coolman
~ 160 Fichiers temporaires (Temporary files)
~ Files: 417 Legitimates Filtered in 00mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 5DAABE9A817E426D9FE4DE13FB20D371 - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] F568FB0C2A354EF48EA23B30A741A761 - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - https://www.searchgol.com/ =>Hijacker.SearchGol
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (delta-homes) - http://search.delta-homes.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {52db1893-8a90-4192-aede-08e00b8f8473} - (Ask.com) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3De71e508e6f0b6f35%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {812F8ACE-62BC-4CB3-8A81-2F352FAEDE23} - (Ask Search) - http://www.search.ask.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} - (Search Results) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3D58c9331d816657ac%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3De71e508e6f0b6f35%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - https://search.sweetim.com/ =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Nation Search) - https://isearch.nation.com/
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.49F3F96A236521578C6BBEECF05567B9] [SPRF][20/10/2013] (.Ask Partner Network - Stub Installer.) -- C:\Users\jean-pierre\AppData\Local\Temp\APNSetup.exe [510928]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][22/10/2013] (...) -- C:\Users\jean-pierre\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.B38F41F1B8AEC6B2173047DDC2A7E897] [SPRF][28/09/2013] (...) -- C:\Users\jean-pierre\AppData\LocalLow\SkwConfig.bin [6312]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{E447C503-ACB3-4E9D-B83E-9425271DE2C1}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{627D34F9-3C3C-4872-9465-5B40012B44FA}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "TCP Query User{0B02FB37-1896-4B33-B795-85AB6B2521FD}C:\users\jean-pierre\appdata\roaming\nosibay\bubble dock\bubble dock.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\jean-pierre\appdata\roaming\nosibay\bubble dock\bubble dock.exe (.not file.) =>PUP.BubbleDock
O87 - FAEL: "UDP Query User{8510EC31-9791-4C34-B8BE-C22792E5C140}C:\users\jean-pierre\appdata\roaming\nosibay\bubble dock\bubble dock.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\jean-pierre\appdata\roaming\nosibay\bubble dock\bubble dock.exe (.not file.) =>PUP.BubbleDock
O87 - FAEL: "{46EE1861-E4AF-4A1D-9BC2-54C2F3436862}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{528AB756-E3D0-47B8-A75D-27FD32F53397}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{86581957-0417-4B17-86C4-A5AE70D279E7}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{FEBDB0FD-ADC4-4270-A08E-B462C31F2818}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{1A23B4D6-E12A-4FD7-AC15-84F0F72FEBFE}" | In - Public - P6 - TRUE | .(.Wsys Co., Ltd. - Wsys Control 13.3.2.2610.) -- C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
~ Firewall: 207 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "D2A425F47365A600677A7A857BC06000" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0600}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 242 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\596da8ab76fbf41\2.6.1339.144\upd]:="upd=1"
[HKCU\Software\596da8ab76fbf41\2.6.1519.190\upd]:="upd=1"
[HKCU\Software\596da8ab76fbf41\2.6.1673.238\upd]:="upd=1"
[HKCU\Software\596da8ab76fbf41\2.6.1694.246\upd]:="upd="
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596da8ab76fbf41\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238"
[HKCU\Software\596da8ab76fbf41]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\596da8ab76fbf41]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8

1 reply

Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last activity: 15 December 2020
23 Oct 2013 at 18:22
Hi,

You have installed adware and parasitic programs on your PC.
Here is the procedure to follow to remove them: scan

Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, remove everything and copy/paste the report here in a new reply.
!!! Malwarebytes must be up to date before running the scan !!!
Tick everything that is detected, then click the Remove Selected button to remove it all.

If Malwarebytes asks to restart the PC, restart it before moving on to the next step.

then:

Follow this tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner (by Xplode) on your desktop.
Go to the link and download AdwCleaner as indicated.
Launch AdwCleaner and click [Scan].
The scan may take several minutes; please wait.
Once the scan is finished, click [Clean].

Once the cleanup is finished, a report will open. Copy/paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: the report is also saved at C:\AdwCleaner[S1].txt
