Ordi trop lent après suppression de virus

suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention   -  
Fish66 Messages postés 18337 Statut Contributeur sécurité -
Bonsoir,
Il ya quelques semaines j'ai supprimé un trojan que j'ai choppé en téléchargant un fichier ... j'ai lancé un scan malwarbyte en pensais m'etre débarassé du problème sauf que il ya quelques jours mon ordi a commencé à ramer : trop lent au démarrage ainsi que lors de l'ouverture de pages web.
Du coup, j'ai checké un peu ce qu'il ya sur le net comme solution : j'ai lancé ZHPDiag,Rogue killer , adwcleaner et puis j'ai relancé ZHP diag et j'ai un rapport que je peux poster si quelqu'un veux bien m'aider

6 réponses

  1. Marou81 Messages postés 4472 Statut Membre 199
     
    Bonsoir,

    Peux-tu me poster ton rapport ZHPDiag ?

    On va regarder si cela nécessite un helper ou non.

    J'attend ta réponse.

    a+
    0
  2. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
     
    Bonsoir , voila le rapport

    ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
    ~ Launched by compurama (16/12/2013 20:52:08)
    ~ Web site address : https://nicolascoolman.webs.com/
    ~ Free support forums for disinfection : https://nicolascoolman.webs.com/
    ~ Translated by
    ~ Version State :
    ~ White List : Activate by program
    ~ Elevation of privilege : OK
    ~ User Account Control : Deactivate by program

    ---\\ Internet browsers
    MSIE: Internet Explorer v11.0.9600.16428
    MFIE: Mozilla Firefox 18.0.2 (Defaut)
    GCIE: Google Chrome v14.0.794.0

    ---\\ Windows product information
    ~ Langage: Anglais
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    Software Protection Service (Protection logicielle) : KO
    Key Management Service client information : KO
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ System protection software
    avast! Free Antivirus v7.0.1474.0
    Windows Defender W7

    ---\\ System optimization software

    ---\\ Sharing software PeerToPeer

    ---\\ Surveillance software
    Adobe Flash Player 11 Plugin
    Adobe Reader X
    Java 7 Update 7

    ---\\ Information on the system
    ~ Processor: x86 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
    Total RAM: 2998 MB (78% free)
    System Restore: Activé (Enable)
    System drive C: has 313 GB (70%) free of 443 GB

    ---\\ Connection to the system mode
    ~ Computer Name: COMPURAMA-PC
    ~ User Name: compurama
    ~ All Users Names: Guest, compurama, Administrator,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    ---\\ Environment variables
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\compurama\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\compurama\AppData\Roaming\
    ~ %Desktop% : C:\Users\compurama\Desktop\
    ~ %Favorites% : C:\Users\compurama\Favorites\
    ~ %LocalAppData% : C:\Users\compurama\AppData\Local\
    ~ %StartMenu% : C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumeration of the disk units
    C: Hard drive, Flash drive, Thumb drive (Free 313 Go of 443 Go)
    D: CD-ROM drive (Not Inserted)

    ---\\ State of the Windows Security Center
    ~ Security Center: 38 Legitimates Filtered in 00mn 00s

    ---\\ Search Generic System Files
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
    [MD5.B5EB5BD3066959611E1F7A80FD6CC172] - (.Microsoft Corporation - Internet Extensions for Win32.) (.15/12/2013 - 09:01:19.) -- C:\Windows\System32\wininet.dll [1818112]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 01s

    ---\\ Hidden files state (Hidden/Total)
    ~ Mes images (My Pictures) : 1/535
    ~ Mes musiques (My Musics) : 1/77
    ~ Mes Videos (My Videos) : 1/5
    ~ Mes Favoris (My Favorites) : 1/27
    ~ Mes Documents (My Documents) : 1/175
    ~ Mon Bureau (My Desktop) : 0/62
    ~ Menu demarrer (Programs) : 1/45
    ~ Hidden Files: Scanned in 00mn 03s

    ---\\ Process running
    [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2040]
    [MD5.58ED0528F2B1BFB3301BC10E0E707C35] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.436]
    [MD5.B45F1D52C0A9519028BD95D34FFAB216] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2028]
    [MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.1652]
    [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.332]
    ~ Processes Running: Scanned in 00mn 00s

    ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
    C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ~ Google Browser: 0 Legitimates Filtered in 00mn 00s

    ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
    C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js
    M2 - MFEP: prefs.js [compurama - q8gatwd4.default\crossriderapp12767@crossrider.com] [] Tiger Savings v (..) =>PUP.SpecialSavings
    M2 - MFEP: prefs.js [compurama - q8gatwd4.default\firefox@glindorus.net] [] glindorus v1.0.0 (..) =>PUP.Glindorus
    M2 - MFEP: prefs.js [compurama - q8gatwd4.default\jid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
    M2 - MFEP: prefs.js [compurama - q8gatwd4.default\{a3ea9bd3-d370-8618-a451-3c149afaef88}] [] Shopping Helper Smartbar v1.2 (..) =>Hijacker.SmartBar
    ~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    ---\\ Browser Helper Objects (O2)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Tonec Inc. - IDM BHO Module.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
    ~ BHO: 22 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer toolbars (O3)
    O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E4F7B179-A3F6-47D8-9832-CB7B2627312A} Orphan key
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Other User Links (O4)
    O4 - GS\Desktop [Public]: Free Movies & Games.lnk . (...) -- C:\Program Files\Real\RealPlayer\freeoffers.rnx
    O4 - GS\Desktop [Public]: Lightroom 3.3.lnk . (.Adobe Systems - Adobe Photoshop Lightroom.) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.3\lightroom.exe =>.Adobe Systems Incorporated
    O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\Desktop [Public]: NDP.view 2.lnk . (.Hamamatsu Photonics K.K. - NDP.view 2.) -- C:\Program Files\Hamamatsu\NDP.view 2\NDPView2.exe
    O4 - GS\Desktop [Public]: Nimbuzz.lnk . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
    O4 - GS\Desktop [Public]: R 2.14.1.lnk . (...) -- C:\Program Files\R\R-2.14.1\bin\i386\Rgui.exe
    O4 - GS\Desktop [Public]: RasWin.lnk . (...) -- C:\Program Files\RasWin\raswin.exe
    O4 - GS\Desktop [Public]: SigmaPlot 12.0.lnk . (.Systat Software, Inc. - Systat Software, Inc. SigmaPlot for Windows.) -- C:\Program Files\SigmaPlot\SPW12\Spw.exe
    O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\QuickLaunch [compurama]: Free Shortcut Remover.lnk . (...) -- C:\Program Files\Free Shortcut Remover\FreeShortcutRemover.exe
    O4 - GS\QuickLaunch [compurama]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\QuickLaunch [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    O4 - GS\QuickLaunch [compurama]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O4 - GS\TaskBar [compurama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - GS\TaskBar [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    O4 - GS\Program [compurama]: Create Amazing Presentations.lnk - Orphan key
    O4 - GS\Program [compurama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Program [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Program [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    O4 - GS\SystemTools [compurama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\SendTo [compurama]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
    O4 - GS\Desktop [compurama]: Create Amazing Presentations.lnk - Orphan key
    O4 - GS\Desktop [compurama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\compurama\AppData\Local\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [compurama]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe
    O4 - GS\Desktop [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    ~ Global Startup: 89 Legitimates Filtered in 00mn 03s

    ---\\ Auto loading programs from Registry and folders (O4)
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
    O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
    O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo
    O4 - HKCU\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
    O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
    O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    O4 - HKCU\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    O4 - HKCU\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
    O4 - HKCU\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
    O4 - HKCU\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
    O4 - HKCU\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
    O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
    O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
    O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
    ~ Application: Scanned in 00mn 00s

    ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Lop.com/Domain Hijackers (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS1\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CS2\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    ~ Domain: Scanned in 00mn 00s

    ---\\ Extra protocols (O18)
    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ AppInit_DLLs Registry value Autorun (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
    O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
    O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
    ~ Services: 4 Legitimates Filtered in 00mn 02s

    ---\\ Software installed (O42)
    O42 - Logiciel: Free Shortcut Remover 4.2.1 - (.FreeShortcutRemover Co., Ltd..) [HKLM] -- Free Shortcut Remover_is1
    O42 - Logiciel: NDP.view 2 - (.Hamamatsu.) [HKLM] -- {A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}
    O42 - Logiciel: Nimbuzz 1.6.0 - (.Nimbuzz B.V..) [HKLM] -- Nimbuzz
    O42 - Logiciel: RasWin (remove only) - (...) [HKLM] -- RasWin
    O42 - Logiciel: Shopping Helper Smartbar - (.ReSoft Ltd..) [HKLM] -- {9726F9E3-EE13-4601-B2AF-81B1413BD8AF} =>Hijacker.SmartBar
    O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU] -- {98c3cefd-7b2b-4d84-97f8-fbc47d718314} =>Hijacker.SmartBar
    ~ Logic: 16 Legitimates Filtered in 00mn 00s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\33906InstEnd]
    [HKCU\Software\45914InstEnd]
    [HKCU\Software\ForumerIT] =>Toolbar.Forumer
    [HKCU\Software\Nimbuzz]
    [HKCU\Software\Softlock]
    [HKCU\Software\System32]
    [HKLM\Software\Email Notifier]
    [HKLM\Software\VBMZ] =>PUP.Duuqu
    ~ Key Software: 216 Legitimates Filtered in 00mn 00s

    ---\\ Contents of the Common Files folders (O43)
    O43 - CFD: 24/11/2013 - 10:59:20 - [5,107] ----D C:\Program Files\Free Shortcut Remover
    O43 - CFD: 28/07/2012 - 14:23:03 - [693,310] -SH-D C:\Program Files\MSOffice2o1OSetup____
    O43 - CFD: 28/07/2012 - 15:56:32 - [37,544] ----D C:\Program Files\Nimbuzz
    O43 - CFD: 14/10/2012 - 21:33:31 - [1,899] ----D C:\Program Files\RasWin
    O43 - CFD: 18/07/2013 - 21:46:39 - [1,915] ----D C:\ProgramData\InstallMate =>PUP.Tarma
    O43 - CFD: 14/10/2012 - 21:35:34 - [0] ----D C:\Users\compurama\AppData\Roaming\RasWin
    O43 - CFD: 28/07/2012 - 15:56:36 - [0] ----D C:\Users\compurama\AppData\Local\nimbuzz
    O43 - CFD: 25/06/2013 - 23:13:08 - [0] ----D C:\Users\compurama\AppData\Local\Updater12767 =>PUP.CrossRider
    ~ 7 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 172 Legitimates Filtered in 04mn 09s

    ---\\ Last modified or created files under Windows and System32 (O44)
    O44 - LFC:[MD5.152622A606D8D88F884BEC09D61E6177] - 12/12/2013 - 00:03:49 ----- . (...) -- C:\bootsqm.dat [9928]
    O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 15/12/2013 - 09:01:19 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
    O44 - LFC:[MD5.BD725DAEE2DDA17B57FA60C6752856E5] - 15/12/2013 - 09:03:26 ---A- . (...) -- C:\Windows\IE11_main.log [41650]
    O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16848]
    O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16848]
    O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
    O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
    O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
    O44 - LFC:[MD5.6D0682E959C4029303314BBFED4A67B8] - 16/12/2013 - 20:47:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [746908]
    ~ Files: 404 Legitimates Filtered in 00mn 26s

    ---\\ Operations and functions at Windows Explorer startup (O46)
    O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    ---\\ Microsoft Windows Policies System (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    ---\\ System Drivers List (SDL) (O58)
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 16/12/2013 - 20:37:10 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
    O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 21/10/2010 - 02:03:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys [56832]
    O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys.bak [56832]
    O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 25/08/2010 - 07:11:08 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys [57856]
    O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys.bak [57856]
    O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 21/10/2010 - 05:27:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys [44544]
    O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys.bak [44544]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
    O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
    O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
    O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
    O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
    O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
    O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
    O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
    O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
    O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
    O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
    O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
    O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
    O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
    O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
    O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
    O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
    ~ Drivers: 16 Legitimates Filtered in 00mn 05s

    ---\\ List all tools cleaner (LATC) (O63)
    O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
    O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ File Associations Shell Spawning (O67)
    O67 - Shell Spawning: <.scr> <RasWin.Script>[HKLM\..\open\Command] (...) -- C:\Program Files\RasWin\RasWin.exe
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    ---\\ Start Menu Internet (SMI) (O68)
    O68 - StartMenuInternet: <Beamrise.P5NQ3AGNQVKKYNQE7R4YJ4BVZM> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\compurama\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
    O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Search Browser Infection (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
    O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
    ~ Keys: Scanned in 00mn 00s

    ---\\ Search Particular Root Folder (SPRF) (O84)
    [MD5.95F4B9D795797BB9860A26184B902E2B] [SPRF][28/07/2012] (.S.a.c.c - Fix Setup.) -- C:\Users\compurama\AppData\Local\Fix.exe [1261446]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\klmtyzno.dll [0]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\odwtvdej.dll [0]
    [MD5.2397D29D372A1451E1A592717E957C1D] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\q91isrhh.dll [73728]
    [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\Quarantine.exe [360051]
    [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\sebwvkt2.dll [0]
    [MD5.4E2CBDA04D6447BE39403A820685F809] [SPRF][27/02/2013] (.Hamamatsu - This installer database contains the logic and data required to install NDP.view 2..) -- C:\Users\compurama\Desktop\NDP.view 2 Setup.exe [10918520]
    ~ Files: 8 Legitimates Filtered in 00mn 00s

    ---\\ Firewall Active Exception List (FirewallRules) (O87)
    O87 - FAEL: "{E2BA41B5-F9D0-494B-B9FB-01B22330B88A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{3493B2B6-0322-4DB2-B0A4-D0B10060F4E9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "TCP Query User{A36282DA-3888-46EC-A828-13C959C1A7AF}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
    O87 - FAEL: "UDP Query User{17171805-1968-480D-9F1C-7AF46A574605}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
    O87 - FAEL: "{C8790DE2-CA6F-4F74-9314-23514C8612BA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
    O87 - FAEL: "{DA2763A1-8134-4047-82C3-956E090813DF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
    ~ Firewall: 227 Legitimates Filtered in 00mn 01s

    ---\\ Product Upgrade Codes (PUC) (O90)
    O90 - PUC: "BD721A2AD50C521488FDAAAEA97D2FDF" . (.NDP.view 2.) -- C:\Windows\Installer\{A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}\NDPView2_2.exe
    ~ Update Products: 76 Legitimates Filtered in 00mn 00s

    ---\\ Windows Installer Scan (WIS) (O93) (NTFS)
    [MD5.E5314DB579A141F6A5204F70E7073DE0] [WIS][24/11/2013] (.ReSoft Ltd. - Shopping Helper Smartbar.) -- C:\Windows\Installer\117716.msi [9515008] =>Hijacker.SmartBar
    [MD5.5D04C553F649371A4DDA2ECD5335BF3D] [WIS][08/01/2013] (.Hamamatsu - NDP.view 2.) -- C:\Windows\Installer\2185d193.msi [1196032]
    [MD5.85C5DEF2B079CA6E8CA7FCBD45793BEF] [WIS][06/10/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.0.) -- C:\Windows\Installer\38f56e6.msi [2243584] =>PUP.SweetIM
    ~ WIS: 81 Legitimates Filtered in 00mn 14s

    ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SS - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    SS - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
    SS - | Demand 06/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
    SS - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    ~ Services: Scanned in 00mn 17s

    ---\\ Scan Additionnel (O88)
    Database Version : 13013 - (14/12/2013)
    Clés trouvées (Keys found) : 7
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 10
    Fichiers trouvés (Files found) : 5

    [HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9726F9E3-EE13-4601-B2AF-81B1413BD8AF}] =>Hijacker.SmartBar^
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98c3cefd-7b2b-4d84-97f8-fbc47d718314}] =>Hijacker.SmartBar^
    [HKLM\Software\VBMZ] =>Toolbar.Conduit
    [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411172}] =>PUP.CrossRider
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_43 =>PUP.Eorezo^
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:mystart_ad =>Spyware.VMNToolbar^
    C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\crossriderapp12767@crossrider.com =>PUP.SpecialSavings^
    C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\firefox@glindorus.net =>PUP.Glindorus^
    C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\jid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
    C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\{a3ea9bd3-d370-8618-a451-3c149afaef88} =>Hijacker.SmartBar^
    C:\ProgramData\InstallMate =>PUP.Tarma^
    C:\Users\compurama\AppData\Local\Updater12767 =>PUP.CrossRider^
    C:\Users\compurama\AppData\Local\Software =>Adware.Boxore
    C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM
    C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>PUP.QuickShare
    C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam
    O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo^
    O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit^
    [HKCU\Software\ForumerIT] =>Toolbar.Forumer^
    C:\Windows\Installer\117716.msi =>Hijacker.SmartBar^
    C:\Windows\Installer\38f56e6.msi =>PUP.SweetIM^
    ~ Additionnel Scan: 273801 Items scanned in 00mn 19s

    ---\\ Summary of the detections found on your workstation
    ~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings =>PUP.SpecialSavings
    ~ http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
    ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
    ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
    ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
    ~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
    ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
    ~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
    ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
    ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise
    ~ http://nicolascoolman.webs.com/apps/blog/show/28040039-pup-certifiedtoolbar =>PUP.CertifiedToolbar
    ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    ~ http://nicolascoolman.webs.com/apps/blog/show/27456165-adware-relevantknowledge =>Adware.RelevantKnowledge
    ~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
    ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
    ~ MSI: 19 link(s) detected in 00mn 19s

    ~ 1422 Legitimates filtered by white list
    End of the scan (537 lines in 05mn 47s)(0)
    0
  3. Marou81 Messages postés 4472 Statut Membre 199
     
    Re,

    Je comprend pourquoi ton pc est ralentit.

    Fais ce qui suit :

    Utilise cet outil de désinfection spécifique aux logiciels publicitaires :

    ▶ Télécharge AdwCleaner (de Xplode) sur ton Bureau.
    ▶ Lance le, clique sur Suppression puis patiente le temps du scan.
    ▶ Une fois la suppression terminée, un message de prévention va s'afficher, je te conseille de le lire attentivement (n'hésite pas à me poser des questions si tu n'as pas compris certaines choses dans ce message).
    ▶ Ensuite, le rapport s'ouvrira : poste le dans ta prochaine réponse.
    0
    1. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
       
      voila

      # AdwCleaner v3.015 - Report created 16/12/2013 at 21:35:55
      # Updated 10/12/2013 by Xplode
      # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
      # Username : compurama - COMPURAMA-PC
      # Running from : C:\Users\compurama\Downloads\adwcleaner(1).exe
      # Option : Clean

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
      Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
      Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****


      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.16428


      -\\ Mozilla Firefox v18.0.2 (en-US)

      [ File : C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js ]


      -\\ Google Chrome v

      [ File : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [53931 octets] - [16/12/2013 20:39:09]
      AdwCleaner[R1].txt - [1405 octets] - [16/12/2013 21:33:37]
      AdwCleaner[S0].txt - [50891 octets] - [16/12/2013 20:40:28]
      AdwCleaner[S1].txt - [1332 octets] - [16/12/2013 21:35:55]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1392 octets] ##########
      0
  4. Marou81 Messages postés 4472 Statut Membre 199
     
    Re,

    Fais moi une analyse avec JRT : http://www.bleepingcomputer.com/download/junkware-removal-tool

    Lance l'application, appuie sur une touche de clavier et laisse l'outil travailler.

    Envoie moi également le rapport.

    Puis utilise ce logiciel de désinfection généraliste :

    ? Télécharge et installe Malwarebytes' Anti-Malware
    ? A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. Par contre, il n'est pas nécessaire d'activer l'essai gratuit pour la protection.
    ? Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    ? Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    ? Sélectionne tes disques durs puis clique sur "Lancer l'examen"
    ? A la fin de l'analyse, clique sur Afficher les résultats
    ? Coche tous les éléments détectés puis clique sur Supprimer la sélection
    ? S'il t'est demandé de redémarrer l'ordinateur, accepte.
    ? Poste dans ta prochaine réponse le rapport apparaissant après la suppression.

    Repost moi un nouveau rapport ZHPDiag.

    Merci

    L'avenir n'est pas merveilleux, à nous de le rendre meilleur.
    0
    1. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
       
      voici le premier rapport :

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.0.8 (11.05.2013:1)
      OS: Windows 7 Ultimate x86
      Ran by compurama on 16/12/2013 at 22:04:17,37
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296205293-2209527227-45657569-1000\Software\sweetim
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296205293-2209527227-45657569-1000\Software\wajam
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS



      ~~~ Files

      Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-chromeinstaller
      Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-codedownloader
      Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-enabler
      Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-firefoxinstaller
      Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-updater
      Successfully deleted: [File] "C:\Users\compurama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



      ~~~ Folders

      Successfully deleted: [Folder] "C:\ProgramData\fighters"
      Successfully deleted: [Folder] "C:\Users\compurama\appdata\local\software"
      Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{0C108DA3-72F1-4E69-9855-BEFED5DE02BF}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{2E7964BF-3EC1-4628-BE08-0D829138A959}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{A951B0BF-69B4-4937-B202-DA097F6E3A95}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{B655386C-A324-4384-8C35-C05150182AC0}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{B9E78D52-7A26-4683-904C-D6624687EA99}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{BD48D9A6-0E06-453B-A211-508573D3A7EA}
      Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{ED4A41AD-64DB-40D6-9FD6-A1016BAE28A2}



      ~~~ FireFox

      Successfully deleted: [File] C:\user.js
      Successfully deleted: [Folder] C:\Users\compurama\AppData\Roaming\mozilla\firefox\profiles\q8gatwd4.default\extensions\crossriderapp12767@crossrider.com
      Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
      Emptied folder: C:\Users\compurama\AppData\Roaming\mozilla\firefox\profiles\q8gatwd4.default\minidumps [707 files]



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 16/12/2013 at 22:06:13,82
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      0
    2. Marou81 Messages postés 4472 Statut Membre 199
       
      Rapport ok; Maintenant MBAM (durée 1h30 en moyenne) Patience !
      0
    3. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai lancé l'examen rapide parceque le lent ca s'arretait a 3min meme en ayant rééssayé plusieurs fois. Voici le rapport de MBAM.



      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Version de la base de données: v2013.12.16.07

      Windows 7 Service Pack 1 x86 NTFS (Mode sans échec/Réseau)
      Internet Explorer 11.0.9600.16428
      compurama :: COMPURAMA-PC [administrateur]

      16/12/2013 23:12:47
      mbam-log-2013-12-16 (23-12-47).txt

      Type d'examen: Examen rapide
      Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
      Options d'examen désactivées: P2P
      Elément(s) analysé(s): 205248
      Temps écoulé: 8 minute(s),

      Processus mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Module(s) mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Clé(s) du Registre détectée(s): 0
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre détectée(s): 0
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre détecté(s): 0
      (Aucun élément nuisible détecté)

      Dossier(s) détecté(s): 11
      C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16 (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695 (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\plugins (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Updater12767 (PUP.Optional.Dealspy) -> Mis en quarantaine et supprimé avec succès.

      Fichier(s) détecté(s): 32
      C:\Users\compurama\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (PUP.Optional.JumpyApps) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\39AC5DFC-BAB0-7891-96D0-7C6AF86D956F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\39AC5DFC-BAB0-7891-96D0-7C6AF86D956F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Mis en quarantaine et supprimé avec succès.
      C:\Windows\Temp\DealPlyLive.exe1ba49 (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Windows\Temp\goopdate.dll1bb23 (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\al-English-in-Use-ICT_-__Nouvellebiblio.com_.pdf.exe (PUP.Optional.Installex) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\iLividSetup-r563-n-bf.exe (PUP.Optional.Bandoo) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\Sigmaplot_11_2.exe (PUP.Optional.ToolbarWid) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\SoftonicDownloader_for_sigmaplot.exe (PUP.Optional.Softonic) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\spss(1).exe (PUP.Optional.Freemium.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\Systat_SigmaPlot_v12.2_downloader_fr_68.exe (PUP.Optional.GoForFiles.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\Systat_SigmaPlot_v12.2_downloader_fr_99399.exe (PUP.Optional.GoForFiles.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\UltimateCodec.exe (PUP.Optional.JumpyApps) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\Downloads\UsbFix(1).exe (PUP.Optional.Firseria) -> Mis en quarantaine et supprimé avec succès.
      C:\Windows\Installer\117716.msi (PUP.Optional.SmartBar.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Windows\Installer\38f56e6.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\install.rdf (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.

      (fin)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Marou81 Messages postés 4472 Statut Membre 199
     
    Re,

    Maintenant ZHPDiag.

    Merci
    0
    1. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
       
      Bonjour voici,

      ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
      ~ Launched by compurama (17/12/2013 08:24:47)
      ~ Web site address : https://nicolascoolman.webs.com/
      ~ Free support forums for disinfection : https://nicolascoolman.webs.com/
      ~ Translated by
      ~ Version State :
      ~ White List : Activate by program
      ~ Elevation of privilege : OK
      ~ User Account Control : Activate by user


      ---\\ Internet browsers
      MSIE: Internet Explorer v11.0.9600.16428
      MFIE: Mozilla Firefox 18.0.2 (Defaut)
      GCIE: Google Chrome v14.0.794.0

      ---\\ Windows product information
      ~ Langage: Anglais
      Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
      Windows Server License Manager Script : OK
      Software Protection Service (Protection logicielle) : KO
      Key Management Service client information : KO
      Windows Automatic Updates : OK
      Windows Activation Technologies : OK

      ---\\ System protection software
      avast! Free Antivirus v7.0.1474.0
      Malwarebytes Anti-Malware version 1.75.0.1300
      Windows Defender W7

      ---\\ System optimization software

      ---\\ Sharing software PeerToPeer

      ---\\ Surveillance software
      Adobe Flash Player 11 Plugin
      Adobe Reader X
      Java 7 Update 7

      ---\\ Information on the system
      ~ Processor: x86 Family 6 Model 37 Stepping 2, GenuineIntel
      ~ Operating System: 32 Bits
      Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
      Total RAM: 2998 MB (83% free)
      System Restore: Activé (Enable)
      System drive C: has 313 GB (70%) free of 443 GB

      ---\\ Connection to the system mode
      ~ Computer Name: COMPURAMA-PC
      ~ User Name: compurama
      ~ All Users Names: Guest, compurama, Administrator,
      ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
      Logged in as Administrator

      ---\\ Environment variables
      ~ System Unit : C:\
      ~ %AppZHP% : C:\Users\compurama\AppData\Roaming\ZHP\
      ~ %AppData% : C:\Users\compurama\AppData\Roaming\
      ~ %Desktop% : C:\Users\compurama\Desktop\
      ~ %Favorites% : C:\Users\compurama\Favorites\
      ~ %LocalAppData% : C:\Users\compurama\AppData\Local\
      ~ %StartMenu% : C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\
      ~ %Windir% : C:\Windows\
      ~ %System% : C:\Windows\System32\

      ---\\ Enumeration of the disk units
      C: Hard drive, Flash drive, Thumb drive (Free 313 Go of 443 Go)
      D: CD-ROM drive (Not Inserted)



      ---\\ State of the Windows Security Center
      ~ Security Center: 41 Legitimates Filtered in 00mn 00s



      ---\\ Search Generic System Files
      [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
      [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
      [MD5.B5EB5BD3066959611E1F7A80FD6CC172] - (.Microsoft Corporation - Internet Extensions for Win32.) (.15/12/2013 - 09:01:19.) -- C:\Windows\System32\wininet.dll [1818112]
      [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
      [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
      [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
      [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
      [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
      [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
      [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
      [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
      [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
      [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
      [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
      [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
      [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
      [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
      [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
      [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
      [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
      [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
      [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
      ~ Generic Processes: Scanned in 00mn 01s



      ---\\ Hidden files state (Hidden/Total)
      ~ Mes images (My Pictures) : 1/535
      ~ Mes musiques (My Musics) : 1/77
      ~ Mes Videos (My Videos) : 1/5
      ~ Mes Favoris (My Favorites) : 1/27
      ~ Mes Documents (My Documents) : 1/175
      ~ Mon Bureau (My Desktop) : 0/65
      ~ Menu demarrer (Programs) : 1/45
      ~ Hidden Files: Scanned in 00mn 03s



      ---\\ Process running
      [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.528]
      [MD5.58ED0528F2B1BFB3301BC10E0E707C35] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.1304]
      [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.1092]
      ~ Processes Running: Scanned in 00mn 00s



      ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
      C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Preferences
      ~ Google Browser: 0 Legitimates Filtered in 00mn 00s



      ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
      C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js
      M2 - MFEP: prefs.js [compurama - q8gatwd4.default\firefox@glindorus.net] [] glindorus v1.0.0 (..) =>PUP.Glindorus
      M2 - MFEP: prefs.js [compurama - q8gatwd4.default\jid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
      M2 - MFEP: prefs.js [compurama - q8gatwd4.default\{a3ea9bd3-d370-8618-a451-3c149afaef88}] [] Shopping Helper Smartbar v1.2 (..) =>Hijacker.SmartBar
      ~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



      ---\\ Internet Explorer, Proxy Management (R5)
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
      ~ Proxy management: Scanned in 00mn 00s



      ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
      F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
      F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
      F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Hosts file redirection (O1)
      ~ Le fichier hosts est sain (The hosts file is clean).
      ~ Hosts File: Scanned in 00mn 00s
      ~ Nombre de lignes (Lines number): 21



      ---\\ Browser Helper Objects (O2)
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Tonec Inc. - IDM BHO Module.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
      ~ BHO: 22 Legitimates Filtered in 00mn 00s



      ---\\ Internet Explorer toolbars (O3)
      O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E4F7B179-A3F6-47D8-9832-CB7B2627312A} Orphan key
      ~ Toolbar: Scanned in 00mn 00s



      ---\\ Other User Links (O4)
      O4 - GS\Desktop [Public]: Free Movies & Games.lnk . (...) -- C:\Program Files\Real\RealPlayer\freeoffers.rnx
      O4 - GS\Desktop [Public]: Lightroom 3.3.lnk . (.Adobe Systems - Adobe Photoshop Lightroom.) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.3\lightroom.exe =>.Adobe Systems Incorporated
      O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
      O4 - GS\Desktop [Public]: NDP.view 2.lnk . (.Hamamatsu Photonics K.K. - NDP.view 2.) -- C:\Program Files\Hamamatsu\NDP.view 2\NDPView2.exe
      O4 - GS\Desktop [Public]: Nimbuzz.lnk . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
      O4 - GS\Desktop [Public]: R 2.14.1.lnk . (...) -- C:\Program Files\R\R-2.14.1\bin\i386\Rgui.exe
      O4 - GS\Desktop [Public]: RasWin.lnk . (...) -- C:\Program Files\RasWin\raswin.exe
      O4 - GS\Desktop [Public]: SigmaPlot 12.0.lnk . (.Systat Software, Inc. - Systat Software, Inc. SigmaPlot for Windows.) -- C:\Program Files\SigmaPlot\SPW12\Spw.exe
      O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
      O4 - GS\QuickLaunch [compurama]: Free Shortcut Remover.lnk . (...) -- C:\Program Files\Free Shortcut Remover\FreeShortcutRemover.exe
      O4 - GS\QuickLaunch [compurama]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\QuickLaunch [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      O4 - GS\QuickLaunch [compurama]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O4 - GS\TaskBar [compurama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
      O4 - GS\TaskBar [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\TaskBar [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      O4 - GS\Program [compurama]: Create Amazing Presentations.lnk - Orphan key
      O4 - GS\Program [compurama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\Program [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\Program [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      O4 - GS\SystemTools [compurama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\SendTo [compurama]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
      O4 - GS\Desktop [compurama]: Continue Codec Pack Installation.lnk . (...) -- C:\Users\compurama\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (.not file.)
      O4 - GS\Desktop [compurama]: Create Amazing Presentations.lnk - Orphan key
      O4 - GS\Desktop [compurama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\compurama\AppData\Local\Google\Chrome\Application\chrome.exe
      O4 - GS\Desktop [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      O4 - GS\Desktop [compurama]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe
      O4 - GS\Desktop [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      ~ Global Startup: 90 Legitimates Filtered in 00mn 06s



      ---\\ Auto loading programs from Registry and folders (O4)
      O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
      O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
      O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
      O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
      O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
      O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo
      O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (.not file.)
      O4 - HKCU\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
      O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
      O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
      O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
      O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
      O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
      O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
      O4 - HKCU\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      O4 - HKCU\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
      O4 - HKCU\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
      O4 - HKCU\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
      O4 - HKCU\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
      O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S2].txt
      O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
      O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S2].txt
      ~ Application: Scanned in 00mn 01s



      ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
      O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
      O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
      O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
      ~ IE Extra Buttons: Scanned in 00mn 00s



      ---\\ Lop.com/Domain Hijackers (O17)
      O17 - HKLM\System\CCS\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CS1\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CS2\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
      ~ Domain: Scanned in 00mn 00s



      ---\\ Extra protocols (O18)
      O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
      ~ Protocole Additionnel: Scanned in 00mn 00s



      ---\\ AppInit_DLLs Registry value Autorun (O20)
      O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
      ~ Winlogon: Scanned in 00mn 00s



      ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
      O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
      O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
      ~ Services: 6 Legitimates Filtered in 00mn 03s



      ---\\ Software installed (O42)
      O42 - Logiciel: Free Shortcut Remover 4.2.1 - (.FreeShortcutRemover Co., Ltd..) [HKLM] -- Free Shortcut Remover_is1
      O42 - Logiciel: NDP.view 2 - (.Hamamatsu.) [HKLM] -- {A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}
      O42 - Logiciel: Nimbuzz 1.6.0 - (.Nimbuzz B.V..) [HKLM] -- Nimbuzz
      O42 - Logiciel: RasWin (remove only) - (...) [HKLM] -- RasWin
      O42 - Logiciel: Shopping Helper Smartbar - (.ReSoft Ltd..) [HKLM] -- {9726F9E3-EE13-4601-B2AF-81B1413BD8AF} =>Hijacker.SmartBar
      O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU] -- {98c3cefd-7b2b-4d84-97f8-fbc47d718314} =>Hijacker.SmartBar
      ~ Logic: 16 Legitimates Filtered in 00mn 00s



      ---\\ HKCU & HKLM Software Keys
      [HKCU\Software\33906InstEnd]
      [HKCU\Software\45914InstEnd]
      [HKCU\Software\ForumerIT] =>Toolbar.Forumer
      [HKCU\Software\Nimbuzz]
      [HKCU\Software\Softlock]
      [HKCU\Software\System32]
      [HKLM\Software\Email Notifier]
      [HKLM\Software\VBMZ] =>PUP.Duuqu
      ~ Key Software: 218 Legitimates Filtered in 00mn 00s



      ---\\ Contents of the Common Files folders (O43)
      O43 - CFD: 24/11/2013 - 10:59:20 - [5,107] ----D C:\Program Files\Free Shortcut Remover
      O43 - CFD: 28/07/2012 - 14:23:03 - [693,310] -SH-D C:\Program Files\MSOffice2o1OSetup____
      O43 - CFD: 28/07/2012 - 15:56:32 - [37,544] ----D C:\Program Files\Nimbuzz
      O43 - CFD: 14/10/2012 - 21:33:31 - [1,899] ----D C:\Program Files\RasWin
      O43 - CFD: 18/07/2013 - 21:46:39 - [1,637] ----D C:\ProgramData\InstallMate =>PUP.Tarma
      O43 - CFD: 14/10/2012 - 21:35:34 - [0] ----D C:\Users\compurama\AppData\Roaming\RasWin
      O43 - CFD: 28/07/2012 - 15:56:36 - [0] ----D C:\Users\compurama\AppData\Local\nimbuzz
      ~ Program Folder: 163 Legitimates Filtered in 04mn 26s



      ---\\ Last modified or created files under Windows and System32 (O44)
      O44 - LFC:[MD5.152622A606D8D88F884BEC09D61E6177] - 12/12/2013 - 00:03:49 ----- . (...) -- C:\bootsqm.dat [9928]
      O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 15/12/2013 - 09:01:19 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
      O44 - LFC:[MD5.BD725DAEE2DDA17B57FA60C6752856E5] - 15/12/2013 - 09:03:26 ---A- . (...) -- C:\Windows\IE11_main.log [41650]
      O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16848]
      O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16848]
      O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
      O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
      O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
      O44 - LFC:[MD5.01D2CE37F5D17D097C90396394CECE05] - 17/12/2013 - 08:23:22 ---A- . (...) -- C:\Windows\ntbtlog.txt [1271996]
      ~ Files: 405 Legitimates Filtered in 00mn 33s



      ---\\ Operations and functions at Windows Explorer startup (O46)
      O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
      ~ ShellExecuteHooks: Scanned in 00mn 00s



      ---\\ Microsoft Windows Policies System (MWPS) (O55)
      O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
      O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
      ~ MWPS: 18 Legitimates Filtered in 00mn 00s



      ---\\ System Drivers List (SDL) (O58)
      O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
      O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
      O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
      O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 16/12/2013 - 20:37:10 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
      O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 21/10/2010 - 02:03:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys [56832]
      O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys.bak [56832]
      O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 25/08/2010 - 07:11:08 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys [57856]
      O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys.bak [57856]
      O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 21/10/2010 - 05:27:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys [44544]
      O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys.bak [44544]
      O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
      O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
      O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
      O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
      O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
      O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
      O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
      O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
      O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
      O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
      O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
      O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
      O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
      O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
      O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
      O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
      O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
      O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
      ~ Drivers: 18 Legitimates Filtered in 00mn 06s



      ---\\ List all tools cleaner (LATC) (O63)
      O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
      O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
      ~ ADS: Scanned in 00mn 00s



      ---\\ File Associations Shell Spawning (O67)
      O67 - Shell Spawning: <.scr> <RasWin.Script>[HKLM\..\open\Command] (...) -- C:\Program Files\RasWin\RasWin.exe
      ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



      ---\\ Start Menu Internet (SMI) (O68)
      O68 - StartMenuInternet: <Beamrise.P5NQ3AGNQVKKYNQE7R4YJ4BVZM> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\compurama\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
      O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
      O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Search Browser Infection (SBI) (O69)
      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
      O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
      ~ Keys: Scanned in 00mn 00s



      ---\\ Search Particular Root Folder (SPRF) (O84)
      [MD5.95F4B9D795797BB9860A26184B902E2B] [SPRF][28/07/2012] (.S.a.c.c - Fix Setup.) -- C:\Users\compurama\AppData\Local\Fix.exe [1261446]
      [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\klmtyzno.dll [0]
      [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\odwtvdej.dll [0]
      [MD5.2397D29D372A1451E1A592717E957C1D] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\q91isrhh.dll [73728]
      [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\Quarantine.exe [360051]
      [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\sebwvkt2.dll [0]
      [MD5.4E2CBDA04D6447BE39403A820685F809] [SPRF][27/02/2013] (.Hamamatsu - This installer database contains the logic and data required to install NDP.view 2..) -- C:\Users\compurama\Desktop\NDP.view 2 Setup.exe [10918520]
      ~ Files: 8 Legitimates Filtered in 00mn 00s



      ---\\ Firewall Active Exception List (FirewallRules) (O87)
      O87 - FAEL: "{E2BA41B5-F9D0-494B-B9FB-01B22330B88A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
      O87 - FAEL: "{3493B2B6-0322-4DB2-B0A4-D0B10060F4E9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
      O87 - FAEL: "TCP Query User{A36282DA-3888-46EC-A828-13C959C1A7AF}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
      O87 - FAEL: "UDP Query User{17171805-1968-480D-9F1C-7AF46A574605}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
      O87 - FAEL: "{C8790DE2-CA6F-4F74-9314-23514C8612BA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
      O87 - FAEL: "{DA2763A1-8134-4047-82C3-956E090813DF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
      ~ Firewall: 227 Legitimates Filtered in 00mn 01s



      ---\\ Product Upgrade Codes (PUC) (O90)
      O90 - PUC: "BD721A2AD50C521488FDAAAEA97D2FDF" . (.NDP.view 2.) -- C:\Windows\Installer\{A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}\NDPView2_2.exe
      ~ Update Products: 76 Legitimates Filtered in 00mn 00s



      ---\\ Windows Installer Scan (WIS) (O93) (NTFS)
      [MD5.5D04C553F649371A4DDA2ECD5335BF3D] [WIS][08/01/2013] (.Hamamatsu - NDP.view 2.) -- C:\Windows\Installer\2185d193.msi [1196032]
      ~ WIS: 79 Legitimates Filtered in 00mn 12s



      ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
      SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      SS - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      SS - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
      SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      SS - | Demand 06/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
      SS - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

      SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

      ~ Services: Scanned in 00mn 16s



      ---\\ Scan Additionnel (O88)
      Database Version : 13013 - (14/12/2013)
      Clés trouvées (Keys found) : 7
      Valeurs trouvées (Values found) : 2
      Dossiers trouvés (Folders found) : 4
      Fichiers trouvés (Files found) : 3

      [HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9726F9E3-EE13-4601-B2AF-81B1413BD8AF}] =>Hijacker.SmartBar^
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98c3cefd-7b2b-4d84-97f8-fbc47d718314}] =>Hijacker.SmartBar^
      [HKLM\Software\VBMZ] =>Toolbar.Conduit
      [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
      [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
      [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411172}] =>PUP.CrossRider
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_43 =>PUP.Eorezo^
      [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:mystart_ad =>Spyware.VMNToolbar^
      C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\firefox@glindorus.net =>PUP.Glindorus^
      C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\jid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
      C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\{a3ea9bd3-d370-8618-a451-3c149afaef88} =>Hijacker.SmartBar^
      C:\ProgramData\InstallMate =>PUP.Tarma^
      O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo^
      O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit^
      [HKCU\Software\ForumerIT] =>Toolbar.Forumer^
      ~ Additionnel Scan: 274109 Items scanned in 00mn 24s



      ---\\ Summary of the detections found on your workstation
      ~ http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
      ~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
      ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
      ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
      ~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
      ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
      ~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
      ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
      ~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
      ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
      ~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise
      ~ http://nicolascoolman.webs.com/apps/blog/show/28040039-pup-certifiedtoolbar =>PUP.CertifiedToolbar
      ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
      ~ http://nicolascoolman.webs.com/apps/blog/show/27456165-adware-relevantknowledge =>Adware.RelevantKnowledge
      ~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
      ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
      ~ MSI: 16 link(s) detected in 00mn 24s



      ~ 1422 Legitimates filtered by white list
      End of the scan (525 lines in 06mn 21s)(0)
      0
    2. suz1990 Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
       
      Alors j'ai lancé tous ces examens en ''safe mode'' de l'ordi. Du coup ce matin je n'arrive meme plus a démarrer l'ordi en mode ''normal'' ca me met un message d'erreur comme quoi l'analyse malwarbyte n'a pas bien marché et puis ecran noire ! Help please je ne sais plus ce qui lui arrive cet ordi ! :S
      0
  7. Fish66 Messages postés 18337 Statut Contributeur sécurité 1 318
     
    Bonjour,
    1/
    Télécharge : AdwCleaner (merci à Xplode)
    Lance AdwCleaner
    Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
    Poste le rapport qui apparait en fin de recherche.
    (Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)

    2/
    * Télécharge sur le bureau RogueKiller (par tigzy)
    https://www.luanagames.com/index.fr.html

    * ( Sous Vista/Seven,clique droit, lancer en tant qu'administrateur )
    * Quitte tous tes programmes en cours
    * Lance RogueKiller.exe

    Si l'infection bloque le programme, il faut le relancer plusieurs fois ou le renommer en winlogon.exe

    * Laisse le prescan se terminer, clique sur Scan

    * Clique sur Rapport pour l'ouvrir puis copie/colle le sur le dans ton prochain message

    @+

    ¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
    0