Sujet Précédent Sujet Suivant

Infection par "http://rvzr-a.akamaihd.net

Résolu/Fermé
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013 - 4 déc. 2013 à 09:06
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 5 déc. 2013 à 10:27
bonjour. Mon ordi pète un cable ;.. ses capacités sont fortement ralenties et des fenetres de pub plus ou moins recommandables s'ouvrent e manière intempestive.
Un certin Julien a eu exactement le même problème et un pro en la matière, Guillaume, lui a donné la marche à suivre en telechargeant ZHPdiag.

je l'ai fait à mon tour et voici le rapport issu du scan effectué par ZHP

~ Rapport de ZHPDiag v2013.12.3.6 - Nicolas Coolman (03/12/2013)
~ Lancé par caro (03/12/2013 21:21:38)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : W8DQG
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v9.0.2008
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3996 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 354 GB (78%) free of 449 GB

---\\ Mode de connexion au système
~ Computer Name: CARO-TOSH
~ User Name: caro
~ All Users Names: HomeGroupUser$, caro, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\caro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\caro\AppData\Roaming\
~ %Desktop% : C:\Users\caro\Desktop\
~ %Favorites% : C:\Users\caro\Favorites\
~ %LocalAppData% : C:\Users\caro\AppData\Local\
~ %StartMenu% : C:\Users\caro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 354 Go of 449 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.27/11/2013 - 09:36:08.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1054
~ Mes musiques (My Musics) : 1/54
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 2/355
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.3816]
[MD5.47C1DE0A890613FFCFF1D67648EEDF90] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920] [PID.5184]
[MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.5464]
[MD5.4169FFB6158D630463DBE8FAA1BFEAE3] - (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312] [PID.5640]
[MD5.4D5D968FE6AE6BF94A807F73F7FF6B3D] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168] [PID.5728]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.5764]
[MD5.490F9A7948EF661DF32A9F0DC8534284] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.5976]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.5984]
[MD5.CD37E8F77BFF71F104BDC941A393F0B5] - (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe [645896] [PID.8008]
[MD5.4DA92A4C32F68E57C49CD77CD0A7439C] - (...) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe [119808] [PID.7068]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.2412]
[MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.8412]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1312]
[MD5.A1053E63A2C435F0A7E148BA10085DF8] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [116776] [PID.1576]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1892]
[MD5.3176FE6D7C311A0A4ED79FB77E17C249] - (.Pas de propriétaire - Installer.) -- C:\ProgramData\IBUpdaterService\ibsvc.exe [737568] [PID.2016] =>Adware.InstallBrain
[MD5.5A8C154DE7DDEE8ADA3375CC76C4351F] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320] [PID.1340]
[MD5.13E838EA8652F8451F29301D3B56B17B] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648] [PID.1872]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2288]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2688]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3988]
[MD5.BD9457699AC9C1A0FE43398043617279] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276824] [PID.6328]
[MD5.DFE14D63F0F649EE94A9E3442B7C8F2C] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.6540]
[MD5.F76057596EF65049869098677AB72C30] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [362840] [PID.7568]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: surff aNd keeep [64Bits] - {6E799DD0-8BDE-3175-6F5A-77FC754014E3} . (...) -- C:\Program Files (x86)\surff aNd keeep\mCY.dll =>Adware.SurfAndKeep
~ BHO: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\QuickLaunch [caro]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [caro]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [caro]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [caro]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [caro]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [caro]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [caro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\caro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 66 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
O4 - GS\Startup [caro]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe
O4 - HKLM\..\Run: [SRS Premium Sound HD] . (.SRS Labs, Inc. - SRS Control Panel.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [ThpSrv] Clé orpheline
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - Pas de description.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\caro\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [TSleepSrv] . (.TOSHIBA - TOSHIBA Sleep Service.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\3edc8363-fd93-4221-9aa5-d7b1a8b1766a.exe
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2255987732-2547001708-1395682484-1001\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-2255987732-2547001708-1395682484-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2255987732-2547001708-1395682484-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\caro\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A72E667-EE99-455A-A8C0-FB818E197542}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{57490721-46AA-427B-BB90-58E776A341FC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A72E667-EE99-455A-A8C0-FB818E197542}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{57490721-46AA-427B-BB90-58E776A341FC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A72E667-EE99-455A-A8C0-FB818E197542}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{57490721-46AA-427B-BB90-58E776A341FC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Updater Service (IBUpdaterService) . (.Pas de propriétaire - Installer.) - C:\ProgramData\IBUpdaterService\ibsvc.exe =>Adware.InstallBrain
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 17 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: DowNloeadd keeper - (.DowNloAd keoeeperr.) [HKLM][64Bits] -- {C1A27135-69EB-8D44-7358-34727DD7B820} =>PUP.DownloadKeeper
O42 - Logiciel: Search Protect - (.Conduit.) [HKLM][64Bits] -- SearchProtect =>Toolbar.Conduit
O42 - Logiciel: Updater Service - (...) [HKLM][64Bits] -- Updater Service =>Adware.IncrediBar
O42 - Logiciel: ss helper 1.74 - (...) [HKLM][64Bits] -- SP_eea72b4f =>Adware.SaveShare
O42 - Logiciel: surff aNd keeep - (.surf aend kkeepp.) [HKLM][64Bits] -- {A35CA8FF-CB7D-8361-1CB9-83219CD11C78} =>Adware.SurfAndKeep
~ Logic: 44 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\Cocotron]
[HKCU\Software\Delta]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\mysearchdial] =>Adware.MyWebSearch
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/10/2013 - 22:19:35 - [0,851] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 25/10/2013 - 07:54:41 - [0] ----D C:\Program Files (x86)\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 24/10/2013 - 22:20:58 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 05/10/2013 - 21:59:30 - [1,473] ----D C:\Program Files (x86)\ss helper =>Adware.SaveShare
O43 - CFD: 11/11/2013 - 00:14:29 - [0,750] ----D C:\Program Files (x86)\surff aNd keeep =>Adware.SurfAndKeep
O43 - CFD: 11/11/2013 - 00:14:29 - [0,026] ----D C:\ProgramData\bab0f8b162a5aded
O43 - CFD: 04/08/2013 - 16:23:32 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 24/10/2013 - 22:05:04 - [0,081] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 05/10/2013 - 21:58:30 - [0,332] ----D C:\ProgramData\DowNloeadd keeper =>PUP.DownloadKeeper
O43 - CFD: 04/08/2013 - 16:23:29 - [0,707] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 11/11/2013 - 00:15:53 - [3,289] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 10/07/2013 - 16:03:51 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 11/11/2013 - 00:14:29 - [0,352] ----D C:\ProgramData\surff aNd keeep =>Adware.SurfAndKeep
O43 - CFD: 14/09/2013 - 07:37:27 - [0,179] ----D C:\Users\caro\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 04/08/2013 - 16:23:31 - [0,003] ----D C:\Users\caro\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 11/11/2013 - 00:05:09 - [0] ----D C:\Users\caro\AppData\Roaming\CocotronLibrary
O43 - CFD: 04/08/2013 - 16:23:29 - [0,308] ----D C:\Users\caro\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 12/08/2013 - 10:52:45 - [0] ----D C:\Users\caro\AppData\Roaming\FileSystem-wt3
O43 - CFD: 24/10/2013 - 22:05:15 - [0,064] ----D C:\Users\caro\AppData\Roaming\mysearchdial =>Adware.MyWebSearch
O43 - CFD: 04/08/2013 - 16:23:43 - [0,081] ----D C:\Users\caro\AppData\Roaming\SpeedAnalysis2 =>PUP.SpeedAnalysis
O43 - CFD: 24/10/2013 - 22:05:04 - [0] ----D C:\Users\caro\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
~ 5 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 163 Legitimates Filtered in 00mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 27/11/2013 - 09:36:08 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 27/11/2013 - 09:36:08 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.EFBB8F16C49764136572123FE100F1C1] - 27/11/2013 - 09:42:26 ---A- . (...) -- C:\Windows\IE11_main.log [10277]
~ Files: 148 Legitimates Filtered in 00mn 09s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.37C78B1AE73083EB5064471544C8764A] - 03/12/2013 - 17:12:40 ---A- - C:\Windows\Prefetch\IBSVC.EXE-3B798519.pf =>Adware.InstallBrain
O45 - LFCP:[MD5.F33714BC965E9D42CB1C9FE3A1813229] - 03/12/2013 - 17:13:20 ---A- - C:\Windows\Prefetch\BRCTRCEN.EXE-35ABB3DB.pf
O45 - LFCP:[MD5.4344C61036080BC7558485467DA2B817] - 03/12/2013 - 17:13:20 ---A- - C:\Windows\Prefetch\BRMFCWND.EXE-48F6D0C6.pf
O45 - LFCP:[MD5.3CC1CFD7A71BE9DDE2A1CDC5AC0A23CB] - 03/12/2013 - 17:13:21 ---A- - C:\Windows\Prefetch\3EDC8363-FD93-4221-9AA5-D7B1A-D47817A9.pf
O45 - LFCP:[MD5.D9CBE45AEDCE74722B66158E20BE7FF6] - 03/12/2013 - 17:13:22 ---A- - C:\Windows\Prefetch\BRMFCMON.EXE-65C6F323.pf
O45 - LFCP:[MD5.124D2474ED84D6C77D25B3EAD5DA91F3] - 03/12/2013 - 17:13:23 ---A- - C:\Windows\Prefetch\BRCCMCTL.EXE-817EEE0E.pf
O45 - LFCP:[MD5.B7A8F50ECDCE4D24571EBA369DF2B8DB] - 03/12/2013 - 20:48:37 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
O45 - LFCP:[MD5.03DE34B45A00B30D0B647ECC1FE8B3C0] - 03/12/2013 - 20:51:44 ---A- - C:\Windows\Prefetch\MAVINJECT32.EXE-9364A4AD.pf
~ Prefetcher: 138 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{a48b4ca6-d208-11e2-af05-047d7bf95fd4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 19/11/2013 - 19:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 19/11/2013 - 19:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 08s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/12/2013 - 21:22:59 ---A- . (...) -- C:\Users\caro\AppData\Local\GDIPFONTCACHEV1.DAT [116960]
O61 - LFC: 02/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_element.js.content [2381]
O61 - LFC: 02/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [1861]
O61 - LFC: 02/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Toolbar\broker_metrics.xml [3651]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl [333258]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL [296658]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL [268317]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL [255948]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL [251032]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl [284415]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl [294178]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL [270198]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL [217137]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl [254875]
O61 - LFC: 02/12/2013 - 21:23:30 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL [250983]
O61 - LFC: 02/12/2013 - 21:23:31 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL [344303]
O61 - LFC: 02/12/2013 - 21:23:31 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Document Building Blocks\1036\15\Built-In Building Blocks.dotx [3619560]
O61 - LFC: 02/12/2013 - 21:23:33 ---A- . (...) -- C:\Users\caro\AppData\Roaming\Microsoft\Templates\Normal.dotm [17877]
O61 - LFC: 02/12/2013 - 21:23:40 ---A- . (...) -- C:\Users\caro\Downloads\courrier ACI - institutionnel.docx [15842]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Organigramme cuisine 2014.pdf [135915]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (1).zip [113366]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (2).zip [334952]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (3).zip [334952]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (4).zip [26100]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (5).zip [18814]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122 (6).zip [113366]
O61 - LFC: 02/12/2013 - 21:23:43 ---A- . (...) -- C:\Users\caro\Downloads\Pièces jointes_2013122.zip [12388042]
O61 - LFC: 02/12/2013 - 21:23:44 ---A- . (...) -- C:\Users\caro\Links\SkyDrive.lnk [655]
O61 - LFC: 03/12/2013 - 21:22:59 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [263877]
O61 - LFC: 03/12/2013 - 21:23:21 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Chrome\User Data\Local State [58047]
O61 - LFC: 03/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdm.dll [6940304]
O61 - LFC: 03/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\manifest.fingerprint [66]
O61 - LFC: 03/12/2013 - 21:23:22 ---A- . (...) -- C:\Users\caro\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\manifest.json [848]
O61 - LFC: 03/12/2013 - 21:23:38 ---A- . (...) -- C:\Users\caro\AppData\Roaming\ZHP\Log.txt [20562] =>.Nicolas Coolman
O61 - LFC: 03/12/2013 - 21:23:38 ---A- . (...) -- C:\Users\caro\AppData\Roaming\ZHP\TestsZHPDiag.txt [2833] =>.Nicolas Coolman
O61 - LFC: 03/12/2013 - 21:23:39 ---A- . (...) -- C:\Users\caro\Documents\Premières idées pour redévelopper l.docx [13167]
O61 - LFC: 03/12/2013 - 21:23:40 ---A- . (...) -- C:\Users\caro\Downloads\Article Bulletin Municipal.docx [19293]
~ 30 Fichiers temporaires (Temporary files)
~ Files: 734 Legitimates Filtered in 00mn 47s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {5FD23C36-C7C6-E1B3-6958-7E57C7CCCA50} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {C94C9514-0F6E-48F5-B089-393DCB9F579A} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E1CBD15F0CD01171C8B98EB19803B220] [SPRF][24/10/2013] (.Setup © - Setup.) -- C:\Users\caro\AppData\Local\Temp\66639uninstall.exe [298496]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][24/10/2013] (...) -- C:\Users\caro\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.685F2F87A74F1C407B434370D23C8AAE] [SPRF][24/10/2013] (...) -- C:\Users\caro\AppData\Local\Temp\ICReinstall_office.exe [598704]
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][17/09/2013] (.Conduit - SP Usage Sender.) -- C:\Users\caro\AppData\Local\Temp\nse1B2.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][17/09/2013] (.Conduit - SP Usage Sender.) -- C:\Users\caro\AppData\Local\Temp\nse4E7B.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][17/09/2013] (.Conduit - SP Usage Sender.) -- C:\Users\caro\AppData\Local\Temp\nspFDAC.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][17/09/2013] (.Conduit - SP Usage Sender.) -- C:\Users\caro\AppData\Local\Temp\nsz533D.exe [167812] =>Toolbar.Conduit
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][02/12/2013] (...) -- C:\Users\caro\AppData\Local\Temp\ood_stream.x86.fr-fr.dat [0]
[MD5.093BAF3CDCFF116A8DA012ACDA1D934F] [SPRF][28/07/2013] (...) -- C:\Users\caro\AppData\Local\Temp\SkypeSetup.exe [21789696]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][24/10/2013] (...) -- C:\Users\caro\AppData\Local\Temp\Sqlite3.dll [599419]
[MD5.DB521C3DC7B679226322033B09719ECA] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\caro\AppData\Local\Temp\uninst1.exe [339440] =>PUP.Babylon
[MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [SPRF][30/09/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\caro\AppData\Local\Temp\utt8002.tmp.exe [66368] =>Toolbar.Conduit
~ Files: 14 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 26/04/2012 253600 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/05/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 26/04/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/04/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/06/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 02/04/2011 198064 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/11/2013 116776 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 18/12/2010 198784 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\windows\system32\CxAudMsg64.exe
SR - | Auto 04/08/2013 737568 | (IBUpdaterService) . (...) - C:\ProgramData\IBUpdaterService\ibsvc.exe =>Adware.InstallBrain
SR - | Auto 03/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 15/03/2012 127320 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 15/03/2012 162648 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 15/03/2012 276824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 20/04/2011 558592 | (Thpsrv) . (.TOSHIBA Corporation.) - C:\windows\system32\ThpSrv.exe
SR - | Demand 12/07/2011 57216 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\windows\system32\TODDSrv.exe
SR - | Auto 16/12/2011 583088 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
SR - | Auto 24/11/2011 294848 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 26/11/2011 138152 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Demand 14/12/2011 833976 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 15/03/2012 362840 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 36s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by caro at 03/12/2013 21:24:55
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by caro at 03/12/2013 21:24:57

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13007 - (03/12/2013)
Clés trouvées (Keys found) : 30
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 21
Fichiers trouvés (Files found) : 19

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E799DD0-8BDE-3175-6F5A-77FC754014E3}] =>Adware.SurfAndKeep^
[HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1A27135-69EB-8D44-7358-34727DD7B820}] =>PUP.DownloadKeeper^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f] =>Adware.SaveShare^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}] =>Adware.SurfAndKeep^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service] =>Adware.IncrediBar
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn] =>Adware.InstallBrain
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals^
C:\Program Files (x86)\BonanzaDealsLive =>Adware.BonanzaDeals^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\ss helper =>Adware.SaveShare^
C:\Program Files (x86)\surff aNd keeep =>Adware.SurfAndKeep^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals^
C:\ProgramData\DowNloeadd keeper =>PUP.DownloadKeeper^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\surff aNd keeep =>Adware.SurfAndKeep^
C:\Users\caro\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\caro\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\caro\AppData\Roaming\File Scout =>PUP.FileScout^
C:\Users\caro\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^
C:\Users\caro\AppData\Roaming\SpeedAnalysis2 =>PUP.SpeedAnalysis^
C:\Users\caro\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals^
C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\caro\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch
C:\ProgramData\IBUpdaterService\ibsvc.exe =>Adware.InstallBrain^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKLM\Software\Wow6432Node\mysearchdial] =>Adware.MyWebSearch^
C:\Users\caro\AppData\Local\Temp\nse1B2.exe =>Toolbar.Conduit^
C:\Users\caro\AppData\Local\Temp\nse4E7B.exe =>Toolbar.Conduit^
C:\Users\caro\AppData\Local\Temp\nspFDAC.exe =>Toolbar.Conduit^
C:\Users\caro\AppData\Local\Temp\nsz533D.exe =>Toolbar.Conduit^
C:\Users\caro\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^
C:\Users\caro\AppData\Local\Temp\utt8002.tmp.exe =>Toolbar.Conduit^
~ Additionnel Scan: 274401 Items scanned in 00mn 33s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
~ http://nicolascoolman.webs.com/apps/blog/show/33571597-pup-downloadkeepeor =>PUP.DownloadKeeper
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/31929570-adware-saveshare =>Adware.SaveShare
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/32816468-adware-bonanzadeals =>Adware.BonanzaDeals
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis =>PUP.SpeedAnalysis
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 21 link(s) detected in 00mn 33s



~ 2101 Legitimates filtered by white list
End of the scan (655 lines in 03mn 53s)(0)

Que dois je faire maintenant de ce scan? Guillaume, si tu passes par là, peux tu m'aiguiller. d'avance merci
Caroline


10 réponses

Réponse 1 / 10
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 659
4 déc. 2013 à 09:08
Salut,

Tu as installé des adwares et programmes parasites sur ton PC.
Voici la procédure à suivre pour les supprimer :

Tu utilises quel navigateur our surfer ?


~~

Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour, fais un scan rapide, supprime tout et copie/colle le rapport ici dans une nouvelle réponse.
!!! Malwarebyte doit être à jour avant de faire le scan !!!
Coche tout ce qui est détecté en faisant un clic droit sur la liste puis cocher tout
puis bouton supprimer sélection pour tout supprimer.

si Malwarebytes demande de redémarrer le PC, redémarre le avant de passer à l'étape suivante.

puis :

Suis ce tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner ( d'Xplode ) sur ton bureau.
Vas sur le lien, télécharge AdwCleaner comme indiqué.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


puis :

Tu utilises quel navigateur pour surfer ?

Si Firefox et/ou Chrome sont installés :

Sur Firefox : Menu Outils / Modules complémentaires
Onglet Extension.
Donne la liste.

Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.



ensuite :


- Télécharge https://sourceforge.net/projects/hjt/ ton bureau.
- Pour lancer HijackThis :
* Sur Vista/Seven faire un clic droit puis executer en tant qu'administrater pour le lancer
* Sur XP un simple double-clic suffit
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Enregistre le sur ton bureau
- Envoie le sur http://pjjoint.malekal.com
- Donne le lien pjjoint ici.
0
Réponse 2 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 16:37
bonjour
j'ai déjà effectué un scann dont je donne le détail dans mon premier post. mais je ne sais pas comment traiter ces données auxquelles je ne comprend malheureusement rien
est ce que quelqu'un peu m'aiguiller. d'avance merci
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 659
Modifié par Malekal_morte- le 4/12/2013 à 16:40
Sert à rien de faire ZHPDiag.
J'attends les rapports demandés.
0
Réponse 3 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 16:50
ok, je suis en train de le faire, je vous fais passer tout ça quand j'ai fini
merci bcp
0
Réponse 4 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 20:20
voici le second rapport malekal. je vous passe l'explication du pouruqoi j'en ai refait un. entre les deux, j'ai fait un truc avec ADWcleaner dont je vous met le rapport apres

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.12.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
caro :: CARO-TOSH [administrateur]

Protection: Activé

04/12/2013 20:02:31
mbam-log-2013-12-04 (20-02-31).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 240861
Temps écoulé: 6 minute(s), 40 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 3
C:\Users\caro\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\caro\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\caro\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 20:21
# AdwCleaner v3.014 - Rapport créé le 04/12/2013 à 17:14:33
# Mis à jour le 01/12/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : caro - CARO-TOSH
# Exécuté depuis : C:\Users\caro\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\BonanzaDealsLive
Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\ProgramData\DowNloeadd keeper
Dossier Supprimé : C:\ProgramData\surff aNd keeep
Dossier Supprimé : C:\Program Files (x86)\BonanzaDeals
Dossier Supprimé : C:\Program Files (x86)\BonanzaDealsLive
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\ss helper
Dossier Supprimé : C:\Program Files (x86)\surff aNd keeep
Dossier Supprimé : C:\windows\SysWOW64\Searchprotect
Dossier Supprimé : C:\Users\caro\AppData\Local\BonanzaDealsLive
Dossier Supprimé : C:\Users\caro\AppData\Local\Searchprotect
Dossier Supprimé : C:\Users\caro\AppData\LocalLow\Mysearchdial
Dossier Supprimé : C:\Users\caro\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\caro\AppData\Roaming\file scout
Dossier Supprimé : C:\Users\caro\AppData\Roaming\Mysearchdial
Dossier Supprimé : C:\Users\caro\AppData\Roaming\PerformerSoft
Dossier Supprimé : C:\Users\caro\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Fichier Supprimé : C:\windows\System32\roboot64.exe
Fichier Supprimé : C:\Users\caro\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage
Fichier Supprimé : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedanalysis.com_0.localstorage-journal
Fichier Supprimé : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
Fichier Supprimé : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [zulagames@ZulaGames.com]
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Classes\*\shell\filescout
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BonanzaDealsLive
Clé Supprimée : HKCU\Software\Delta
Clé Supprimée : HKCU\Software\filescout
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\mysearchdial
Clé Supprimée : HKCU\Software\AppDataLow\SProtector
Clé Supprimée : HKLM\Software\BonanzaDealsLive
Clé Supprimée : HKLM\Software\Delta
Clé Supprimée : HKLM\Software\mysearchdial
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\SP Global
Clé Supprimée : HKLM\Software\SProtector
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\caro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : icon_url
Supprimée : search_url
Supprimée : keyword

*************************

AdwCleaner[R0].txt - [7245 octets] - [04/12/2013 17:12:25]
AdwCleaner[S0].txt - [6008 octets] - [04/12/2013 17:14:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6068 octets] ##########
0
Réponse 6 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 20:29
j'utilise google chrome
pour les extensions, j'ai
surff aNd Keeep 2.19
0
Réponse 7 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 20:30
et le dernier pour la route

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:27:34, on 04/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\caro\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\3edc8363-fd93-4221-9aa5-d7b1a8b1766a.exe /check
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\caro\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe
0
Réponse 8 / 10
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 659
4 déc. 2013 à 21:09
Supprime : surff aNd Keeep 2.19

Désinsalle Google Toolbar.

Vois ce que cela donne.
0
Réponse 9 / 10
clanarchie Messages postés 9 Date d'inscription mardi 3 décembre 2013 Statut Membre Dernière intervention 4 décembre 2013
4 déc. 2013 à 21:53
Bonsoir
J'ai suivi vos conseils. Tout semble fonctionner correctement. Je vais attendre un jour ou deux pour être sûr qu'il ne reste rien et je ferai classer ce post en résolu; merci bcp bcp pour votre aide rapide et efficace
caroline
0
Réponse 10 / 10
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 659
5 déc. 2013 à 10:27
:)

Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/

0

Discussions similaires

Site Easywifi.config inaccessible /
Charly -
Repeteurwifi -

8 réponses
192.168.49.1
4Pedro -
hopelan -

1 réponse
Configuration répéteur Wifi
Squall -
Squall -

4 réponses
panne zimbra free erreur 413
gmartin -
saucisson_galactique -

7 réponses
Impossible de se connecter a 192.168.1.1
papemane -
Quels -

5 réponses