Computer too slow after virus removal

Closed
suz1990 (Member, 13 posts, registered Sunday 24 November 2013, last active 17 December 2013) - 16 Dec. 2013 at 21:16
Fish66 (Security contributor, 17,505 posts, registered Sunday 24 July 2011, last active 16 June 2021) - 17 Dec. 2013 at 11:49
Good evening,
A few weeks ago I removed a trojan that I caught while downloading a file ... I ran a Malwarebytes scan thinking I had got rid of the problem, except that a few days ago my computer started to lag: very slow at startup and when opening web pages.
So I looked around the web for solutions: I ran ZHPDiag, RogueKiller, AdwCleaner, then I ran ZHPDiag again and I have a report that I can post if someone is willing to help me.
6 replies

Marou81 (Member, 4,175 posts, registered Wednesday 13 January 2010, last active 18 March 2014)
16 Dec. 2013 at 21:18
Good evening,

Can you post your ZHPDiag report?

We'll see whether this needs a helper or not.

I await your reply.

See you
suz1990 (Member, 13 posts, registered Sunday 24 November 2013, last active 17 December 2013)
16 Dec. 2013 at 21:25
Good evening, here is the report

~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Launched by compurama (16/12/2013 20:52:08)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 18.0.2 (Defaut)
GCIE: Google Chrome v14.0.794.0

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v7.0.1474.0
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2998 MB (78% free)
System Restore: Activé (Enable)
System drive C: has 313 GB (70%) free of 443 GB

---\\ Connection to the system mode
~ Computer Name: COMPURAMA-PC
~ User Name: compurama
~ All Users Names: Guest, compurama, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\compurama\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\compurama\AppData\Roaming\
~ %Desktop% : C:\Users\compurama\Desktop\
~ %Favorites% : C:\Users\compurama\Favorites\
~ %LocalAppData% : C:\Users\compurama\AppData\Local\
~ %StartMenu% : C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 313 Go of 443 Go)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.B5EB5BD3066959611E1F7A80FD6CC172] - (.Microsoft Corporation - Internet Extensions for Win32.) (.15/12/2013 - 09:01:19.) -- C:\Windows\System32\wininet.dll [1818112]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/535
~ Mes musiques (My Musics) : 1/77
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/175
~ Mon Bureau (My Desktop) : 0/62
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 03s



---\\ Process running
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2040]
[MD5.58ED0528F2B1BFB3301BC10E0E707C35] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.436]
[MD5.B45F1D52C0A9519028BD95D34FFAB216] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2028]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.1652]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.332]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\crossriderapp12767@crossrider.com] [] Tiger Savings v (..) =>PUP.SpecialSavings
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\firefox@glindorus.net] [] glindorus v1.0.0 (..) =>PUP.Glindorus
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\jid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\{a3ea9bd3-d370-8618-a451-3c149afaef88}] [] Shopping Helper Smartbar v1.2 (..) =>Hijacker.SmartBar
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Tonec Inc. - IDM BHO Module.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E4F7B179-A3F6-47D8-9832-CB7B2627312A} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Free Movies & Games.lnk . (...) -- C:\Program Files\Real\RealPlayer\freeoffers.rnx
O4 - GS\Desktop [Public]: Lightroom 3.3.lnk . (.Adobe Systems - Adobe Photoshop Lightroom.) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.3\lightroom.exe =>.Adobe Systems Incorporated
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: NDP.view 2.lnk . (.Hamamatsu Photonics K.K. - NDP.view 2.) -- C:\Program Files\Hamamatsu\NDP.view 2\NDPView2.exe
O4 - GS\Desktop [Public]: Nimbuzz.lnk . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - GS\Desktop [Public]: R 2.14.1.lnk . (...) -- C:\Program Files\R\R-2.14.1\bin\i386\Rgui.exe
O4 - GS\Desktop [Public]: RasWin.lnk . (...) -- C:\Program Files\RasWin\raswin.exe
O4 - GS\Desktop [Public]: SigmaPlot 12.0.lnk . (.Systat Software, Inc. - Systat Software, Inc. SigmaPlot for Windows.) -- C:\Program Files\SigmaPlot\SPW12\Spw.exe
O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [compurama]: Free Shortcut Remover.lnk . (...) -- C:\Program Files\Free Shortcut Remover\FreeShortcutRemover.exe
O4 - GS\QuickLaunch [compurama]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [compurama]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\TaskBar [compurama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\Program [compurama]: Create Amazing Presentations.lnk - Orphan key
O4 - GS\Program [compurama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [compurama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [compurama]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [compurama]: Create Amazing Presentations.lnk - Orphan key
O4 - GS\Desktop [compurama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\compurama\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [compurama]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe
O4 - GS\Desktop [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
~ Global Startup: 89 Legitimates Filtered in 00mn 03s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo
O4 - HKCU\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - HKCU\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 4 Legitimates Filtered in 00mn 02s



---\\ Software installed (O42)
O42 - Logiciel: Free Shortcut Remover 4.2.1 - (.FreeShortcutRemover Co., Ltd..) [HKLM] -- Free Shortcut Remover_is1
O42 - Logiciel: NDP.view 2 - (.Hamamatsu.) [HKLM] -- {A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}
O42 - Logiciel: Nimbuzz 1.6.0 - (.Nimbuzz B.V..) [HKLM] -- Nimbuzz
O42 - Logiciel: RasWin (remove only) - (...) [HKLM] -- RasWin
O42 - Logiciel: Shopping Helper Smartbar - (.ReSoft Ltd..) [HKLM] -- {9726F9E3-EE13-4601-B2AF-81B1413BD8AF} =>Hijacker.SmartBar
O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU] -- {98c3cefd-7b2b-4d84-97f8-fbc47d718314} =>Hijacker.SmartBar
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\33906InstEnd]
[HKCU\Software\45914InstEnd]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\Nimbuzz]
[HKCU\Software\Softlock]
[HKCU\Software\System32]
[HKLM\Software\Email Notifier]
[HKLM\Software\VBMZ] =>PUP.Duuqu
~ Key Software: 216 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/11/2013 - 10:59:20 - [5,107] ----D C:\Program Files\Free Shortcut Remover
O43 - CFD: 28/07/2012 - 14:23:03 - [693,310] -SH-D C:\Program Files\MSOffice2o1OSetup____
O43 - CFD: 28/07/2012 - 15:56:32 - [37,544] ----D C:\Program Files\Nimbuzz
O43 - CFD: 14/10/2012 - 21:33:31 - [1,899] ----D C:\Program Files\RasWin
O43 - CFD: 18/07/2013 - 21:46:39 - [1,915] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 14/10/2012 - 21:35:34 - [0] ----D C:\Users\compurama\AppData\Roaming\RasWin
O43 - CFD: 28/07/2012 - 15:56:36 - [0] ----D C:\Users\compurama\AppData\Local\nimbuzz
O43 - CFD: 25/06/2013 - 23:13:08 - [0] ----D C:\Users\compurama\AppData\Local\Updater12767 =>PUP.CrossRider
~ 7 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 172 Legitimates Filtered in 04mn 09s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.152622A606D8D88F884BEC09D61E6177] - 12/12/2013 - 00:03:49 ----- . (...) -- C:\bootsqm.dat [9928]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 15/12/2013 - 09:01:19 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.BD725DAEE2DDA17B57FA60C6752856E5] - 15/12/2013 - 09:03:26 ---A- . (...) -- C:\Windows\IE11_main.log [41650]
O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16848]
O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16848]
O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O44 - LFC:[MD5.6D0682E959C4029303314BBFED4A67B8] - 16/12/2013 - 20:47:16 ---A- . (...) -- C:\Windows\ntbtlog.txt [746908]
~ Files: 404 Legitimates Filtered in 00mn 26s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 16/12/2013 - 20:37:10 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 21/10/2010 - 02:03:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys [56832]
O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys.bak [56832]
O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 25/08/2010 - 07:11:08 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys [57856]
O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys.bak [57856]
O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 21/10/2010 - 05:27:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys [44544]
O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys.bak [44544]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <RasWin.Script>[HKLM\..\open\Command] (...) -- C:\Program Files\RasWin\RasWin.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Beamrise.P5NQ3AGNQVKKYNQE7R4YJ4BVZM> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\compurama\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.95F4B9D795797BB9860A26184B902E2B] [SPRF][28/07/2012] (.S.a.c.c - Fix Setup.) -- C:\Users\compurama\AppData\Local\Fix.exe [1261446]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\klmtyzno.dll [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\odwtvdej.dll [0]
[MD5.2397D29D372A1451E1A592717E957C1D] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\q91isrhh.dll [73728]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\sebwvkt2.dll [0]
[MD5.4E2CBDA04D6447BE39403A820685F809] [SPRF][27/02/2013] (.Hamamatsu - This installer database contains the logic and data required to install NDP.view 2..) -- C:\Users\compurama\Desktop\NDP.view 2 Setup.exe [10918520]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E2BA41B5-F9D0-494B-B9FB-01B22330B88A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{3493B2B6-0322-4DB2-B0A4-D0B10060F4E9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "TCP Query User{A36282DA-3888-46EC-A828-13C959C1A7AF}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "UDP Query User{17171805-1968-480D-9F1C-7AF46A574605}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{C8790DE2-CA6F-4F74-9314-23514C8612BA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{DA2763A1-8134-4047-82C3-956E090813DF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
~ Firewall: 227 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "BD721A2AD50C521488FDAAAEA97D2FDF" . (.NDP.view 2.) -- C:\Windows\Installer\{A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}\NDPView2_2.exe
~ Update Products: 76 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.E5314DB579A141F6A5204F70E7073DE0] [WIS][24/11/2013] (.ReSoft Ltd. - Shopping Helper Smartbar.) -- C:\Windows\Installer\117716.msi [9515008] =>Hijacker.SmartBar
[MD5.5D04C553F649371A4DDA2ECD5335BF3D] [WIS][08/01/2013] (.Hamamatsu - NDP.view 2.) -- C:\Windows\Installer\2185d193.msi [1196032]
[MD5.85C5DEF2B079CA6E8CA7FCBD45793BEF] [WIS][06/10/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.0.) -- C:\Windows\Installer\38f56e6.msi [2243584] =>PUP.SweetIM
~ WIS: 81 Legitimates Filtered in 00mn 14s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 06/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 5

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9726F9E3-EE13-4601-B2AF-81B1413BD8AF}] =>Hijacker.SmartBar^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98c3cefd-7b2b-4d84-97f8-fbc47d718314}] =>Hijacker.SmartBar^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411172}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_43 =>PUP.Eorezo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:mystart_ad =>Spyware.VMNToolbar^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\crossriderapp12767@crossrider.com =>PUP.SpecialSavings^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\firefox@glindorus.net =>PUP.Glindorus^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\jid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\{a3ea9bd3-d370-8618-a451-3c149afaef88} =>Hijacker.SmartBar^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\compurama\AppData\Local\Updater12767 =>PUP.CrossRider^
C:\Users\compurama\AppData\Local\Software =>Adware.Boxore
C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM
C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>PUP.QuickShare
C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam
O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo^
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
C:\Windows\Installer\117716.msi =>Hijacker.SmartBar^
C:\Windows\Installer\38f56e6.msi =>PUP.SweetIM^
~ Additionnel Scan: 273801 Items scanned in 00mn 19s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings =>PUP.SpecialSavings
~ http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise
~ http://nicolascoolman.webs.com/apps/blog/show/28040039-pup-certifiedtoolbar =>PUP.CertifiedToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27456165-adware-relevantknowledge =>Adware.RelevantKnowledge
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
~ MSI: 19 link(s) detected in 00mn 19s



~ 1422 Legitimates filtered by white list
End of the scan (537 lines in 05mn 47s)(0)
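The report above is what a helper reads by hand: every line ZHPDiag tagged with "=>Family.Name", the O68/O87 entries whose target binary is already gone ("(.not file.)", i.e. the adware was partly removed but its firewall exceptions and shell registrations remain), and the Temp DLLs whose MD5 D41D8CD98F00B204E9800998ECF8427E is simply the hash of an empty file (size "[0]"). The script below is an added example, not code from this thread, from ZHPDiag or from its author; it performs that triage over a few lines copied from the report posted above. Function and field names are this example's own.

```python
"""Triage of a ZHPDiag report (added example, not ZHPDiag's own code).

Flags three things a helper checks by hand:
  * lines ZHPDiag itself tagged with "=>Family.Name" (optionally "^")
  * entries whose target binary no longer exists ("(.not file.)")
  * files whose MD5 is the hash of zero bytes
"""
import hashlib
import re
from collections import Counter

# MD5 of zero bytes; ZHPDiag prints it for 0-byte files (size "[0]").
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

TAG_RE = re.compile(r"=>([A-Za-z]+\.[A-Za-z0-9]+)\^?\s*$")   # =>PUP.SweetIM, =>Hijacker.Office^
MD5_RE = re.compile(r"\[MD5\.([0-9A-F]{32})\]")
SIZE_RE = re.compile(r"\[(\d+)\]\s*$")                        # trailing "[26624]"
# First Windows path on the line that ends in a binary/installer extension.
PATH_RE = re.compile(r"(?<=\s)([A-Za-z]:\\.+?\.(?:exe|dll|sys|msi))(?=\s|$)", re.I)

# Constructed sample: lines copied from the ZHPDiag report posted above.
SAMPLE_REPORT = r"""
O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
O68 - StartMenuInternet: <Beamrise.P5NQ3AGNQVKKYNQE7R4YJ4BVZM> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\compurama\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\klmtyzno.dll [0]
[MD5.2397D29D372A1451E1A592717E957C1D] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\q91isrhh.dll [73728]
O87 - FAEL: "{E2BA41B5-F9D0-494B-B9FB-01B22330B88A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{C8790DE2-CA6F-4F74-9314-23514C8612BA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
SS - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""


def parse_report(text):
    """Return one dict per suspicious line: path, ZHPDiag family tag, reasons."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = TAG_RE.search(line)
        md5 = MD5_RE.search(line)
        size = SIZE_RE.search(line)
        path = PATH_RE.search(line)
        reasons = []
        if tag:
            reasons.append("tagged")
        if "(.not file.)" in line:
            reasons.append("missing-target")      # rule/key points at a deleted binary
        if md5 and md5.group(1) == EMPTY_MD5:
            reasons.append("empty-file")
            if size and size.group(1) != "0":
                reasons.append("size-mismatch")   # hash says empty, size says otherwise
        if reasons:
            findings.append({
                "line": line,
                "path": path.group(1) if path else None,
                "family": tag.group(1) if tag else None,
                "reasons": reasons,
            })
    return findings


def summarize(findings):
    """Group findings the way a helper reads them: by family, orphans, empties."""
    families = Counter(f["family"] for f in findings if f["family"])
    orphans = sorted({f["path"] for f in findings
                      if "missing-target" in f["reasons"] and f["path"]})
    empties = [f["path"] for f in findings if "empty-file" in f["reasons"]]
    return {"families": dict(families), "orphan_paths": orphans, "empty_files": empties}


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    for family, n in sorted(report["families"].items()):
        print(f"{n:2d}  {family}")
    print("entries pointing at missing binaries:")
    for p in report["orphan_paths"]:
        print("   ", p)
    print("zero-byte files:", report["empty_files"])
```

The orphaned firewall exceptions are worth keeping in view even after the cleaners run: AdwCleaner and JRT remove files and registry keys, but a leftover inbound "allow" rule for a path that an installer could recreate is not something the scan-and-delete tools above report as removed.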
Marou81, 16 Dec 2013 at 21:27
Re,

I understand why your PC is slowed down.

Do the following:

Use this disinfection tool, which is specific to adware:

▶ Download AdwCleaner (by Xplode) to your Desktop.
▶ Run it, click Clean, then wait while the scan runs.
▶ Once the cleaning is finished, a prevention message will be displayed; I advise you to read it carefully (don't hesitate to ask me questions if you didn't understand some things in that message).
▶ Then the report will open: post it in your next reply.
suz1990, 16 Dec 2013 at 21:45
Here it is

# AdwCleaner v3.015 - Report created 16/12/2013 at 21:35:55
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : compurama - COMPURAMA-PC
# Running from : C:\Users\compurama\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v18.0.2 (en-US)

[ File : C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [53931 octets] - [16/12/2013 20:39:09]
AdwCleaner[R1].txt - [1405 octets] - [16/12/2013 21:33:37]
AdwCleaner[S0].txt - [50891 octets] - [16/12/2013 20:40:28]
AdwCleaner[S1].txt - [1332 octets] - [16/12/2013 21:35:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1392 octets] ##########
Marou81, edited by Marou81 on 16/12/2013 at 21:55
Re,

Run a scan with JRT: http://www.bleepingcomputer.com/download/junkware-removal-tool

Launch the application, press a key on the keyboard and let the tool work.

Send me the report as well.


Then use this general-purpose disinfection tool:

▶ Download and install Malwarebytes' Anti-Malware
▶ At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. However, it is not necessary to enable the free trial of the protection.
▶ Launch MBAM and let the updates download (otherwise do them manually when the program starts)
▶ Then go to the "Scan" tab, check "Perform full scan" then "Scan"
▶ Select your hard drives then click "Start scan"
▶ At the end of the analysis, click Show Results
▶ Check all the detected items then click Remove Selected
▶ If you are asked to restart the computer, accept.
▶ Post in your next reply the report that appears after the removal.

Post me a new ZHPDiag report.

Thanks

The future is not wonderful; it is up to us to make it better.
suz1990, 16 Dec 2013 at 22:07
Here is the first report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by compurama on 16/12/2013 at 22:04:17,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296205293-2209527227-45657569-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1296205293-2209527227-45657569-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-chromeinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-codedownloader
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-enabler
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-firefoxinstaller
Successfully deleted: [File] C:\Windows\System32\Tasks\Plus-HD-4.8-updater
Successfully deleted: [File] "C:\Users\compurama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\compurama\appdata\local\software"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{0C108DA3-72F1-4E69-9855-BEFED5DE02BF}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{2E7964BF-3EC1-4628-BE08-0D829138A959}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{A951B0BF-69B4-4937-B202-DA097F6E3A95}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{B655386C-A324-4384-8C35-C05150182AC0}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{B9E78D52-7A26-4683-904C-D6624687EA99}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{BD48D9A6-0E06-453B-A211-508573D3A7EA}
Successfully deleted: [Empty Folder] C:\Users\compurama\appdata\local\{ED4A41AD-64DB-40D6-9FD6-A1016BAE28A2}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\compurama\AppData\Roaming\mozilla\firefox\profiles\q8gatwd4.default\extensions\crossriderapp12767@crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Emptied folder: C:\Users\compurama\AppData\Roaming\mozilla\firefox\profiles\q8gatwd4.default\minidumps [707 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/12/2013 at 22:06:13,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Marou81, 16 Dec 2013 at 22:12
Report OK; now MBAM (1h30 on average). Patience!
suz1990, 16 Dec 2013 at 23:25
I ran the quick scan because the slow one kept stopping at 3 min even after retrying several times. Here is the MBAM report.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.07

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16428
compurama :: COMPURAMA-PC [administrator]

16/12/2013 23:12:47
mbam-log-2013-12-16 (23-12-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205248
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Updater12767 (PUP.Optional.Dealspy) -> Quarantined and deleted successfully.

Files Detected: 32
C:\Users\compurama\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\2FC9ED16-BAB0-7891-A7B6-7FB0241BADFF\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\39AC5DFC-BAB0-7891-96D0-7C6AF86D956F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\39AC5DFC-BAB0-7891-96D0-7C6AF86D956F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\C97728C0-BAB0-7891-A94D-736A8139999F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\DD4C8846-BAB0-7891-9599-A577415BB200\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Windows\Temp\DealPlyLive.exe1ba49 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\goopdate.dll1bb23 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\al-English-in-Use-ICT_-__Nouvellebiblio.com_.pdf.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\iLividSetup-r563-n-bf.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\Sigmaplot_11_2.exe (PUP.Optional.ToolbarWid) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\SoftonicDownloader_for_sigmaplot.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\spss(1).exe (PUP.Optional.Freemium.A) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\Systat_SigmaPlot_v12.2_downloader_fr_68.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\Systat_SigmaPlot_v12.2_downloader_fr_99399.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\UltimateCodec.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\Users\compurama\Downloads\UsbFix(1).exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Windows\Installer\117716.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\38f56e6.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\compurama\AppData\Local\Temp\ct3307695\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
Marou81, 16 Dec 2013 at 23:37
Re,

Now ZHPDiag.

Thanks
suz1990, 17 Dec 2013 at 08:32
Hello, here it is:

~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Launched by compurama (17/12/2013 08:24:47)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 18.0.2 (Defaut)
GCIE: Google Chrome v14.0.794.0

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v7.0.1474.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2998 MB (83% free)
System Restore: Activé (Enable)
System drive C: has 313 GB (70%) free of 443 GB

---\\ Connection to the system mode
~ Computer Name: COMPURAMA-PC
~ User Name: compurama
~ All Users Names: Guest, compurama, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\compurama\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\compurama\AppData\Roaming\
~ %Desktop% : C:\Users\compurama\Desktop\
~ %Favorites% : C:\Users\compurama\Favorites\
~ %LocalAppData% : C:\Users\compurama\AppData\Local\
~ %StartMenu% : C:\Users\compurama\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 313 Go of 443 Go)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.B5EB5BD3066959611E1F7A80FD6CC172] - (.Microsoft Corporation - Internet Extensions for Win32.) (.15/12/2013 - 09:01:19.) -- C:\Windows\System32\wininet.dll [1818112]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/535
~ Mes musiques (My Musics) : 1/77
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/175
~ Mon Bureau (My Desktop) : 0/65
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 03s



---\\ Process running
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.528]
[MD5.58ED0528F2B1BFB3301BC10E0E707C35] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.1304]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.1092]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\compurama\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\prefs.js
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\firefox@glindorus.net] [] glindorus v1.0.0 (..) =>PUP.Glindorus
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\jid1-FCM5fDwCW5M3AQ@jetpack] [] Smart Display v1.2 (..) =>Spyware.SmartDisplay
M2 - MFEP: prefs.js [compurama - q8gatwd4.default\{a3ea9bd3-d370-8618-a451-3c149afaef88}] [] Shopping Helper Smartbar v1.2 (..) =>Hijacker.SmartBar
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Tonec Inc. - IDM BHO Module.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E4F7B179-A3F6-47D8-9832-CB7B2627312A} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Free Movies & Games.lnk . (...) -- C:\Program Files\Real\RealPlayer\freeoffers.rnx
O4 - GS\Desktop [Public]: Lightroom 3.3.lnk . (.Adobe Systems - Adobe Photoshop Lightroom.) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.3\lightroom.exe =>.Adobe Systems Incorporated
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: NDP.view 2.lnk . (.Hamamatsu Photonics K.K. - NDP.view 2.) -- C:\Program Files\Hamamatsu\NDP.view 2\NDPView2.exe
O4 - GS\Desktop [Public]: Nimbuzz.lnk . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - GS\Desktop [Public]: R 2.14.1.lnk . (...) -- C:\Program Files\R\R-2.14.1\bin\i386\Rgui.exe
O4 - GS\Desktop [Public]: RasWin.lnk . (...) -- C:\Program Files\RasWin\raswin.exe
O4 - GS\Desktop [Public]: SigmaPlot 12.0.lnk . (.Systat Software, Inc. - Systat Software, Inc. SigmaPlot for Windows.) -- C:\Program Files\SigmaPlot\SPW12\Spw.exe
O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [compurama]: Free Shortcut Remover.lnk . (...) -- C:\Program Files\Free Shortcut Remover\FreeShortcutRemover.exe
O4 - GS\QuickLaunch [compurama]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [compurama]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\TaskBar [compurama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\Program [compurama]: Create Amazing Presentations.lnk - Orphan key
O4 - GS\Program [compurama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [compurama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [compurama]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [compurama]: Continue Codec Pack Installation.lnk . (...) -- C:\Users\compurama\AppData\Local\Temp\ICReinstall_UltimateCodec.exe (.not file.)
O4 - GS\Desktop [compurama]: Create Amazing Presentations.lnk - Orphan key
O4 - GS\Desktop [compurama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\compurama\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [compurama]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [compurama]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe
O4 - GS\Desktop [compurama]: Viber.lnk . (...) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
~ Global Startup: 90 Legitimates Filtered in 00mn 06s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (.not file.)
O4 - HKCU\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - HKCU\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S2].txt
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Nimbuzz] . (...) -- C:\Program Files\Nimbuzz\Nimbuzz.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\compurama\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\compurama\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\compurama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\Run: [Viber] . (.No owner - Viber.) -- C:\Users\compurama\AppData\Local\Viber\Viber.exe
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_XP] . (.Microsoft Corporation - Registry Console Tool.) -- C:\Windows\System32\reg.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_DATA_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [mystart_ad_INSTALL_FOLDER] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe =>Spyware.VMNToolbar
O4 - HKUS\S-1-5-21-1296205293-2209527227-45657569-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S2].txt
~ Application: Scanned in 00mn 01s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D2BD0A-7E90-4ED1-809C-6126A1CB054C}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 6 Legitimates Filtered in 00mn 03s



---\\ Software installed (O42)
O42 - Logiciel: Free Shortcut Remover 4.2.1 - (.FreeShortcutRemover Co., Ltd..) [HKLM] -- Free Shortcut Remover_is1
O42 - Logiciel: NDP.view 2 - (.Hamamatsu.) [HKLM] -- {A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}
O42 - Logiciel: Nimbuzz 1.6.0 - (.Nimbuzz B.V..) [HKLM] -- Nimbuzz
O42 - Logiciel: RasWin (remove only) - (...) [HKLM] -- RasWin
O42 - Logiciel: Shopping Helper Smartbar - (.ReSoft Ltd..) [HKLM] -- {9726F9E3-EE13-4601-B2AF-81B1413BD8AF} =>Hijacker.SmartBar
O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU] -- {98c3cefd-7b2b-4d84-97f8-fbc47d718314} =>Hijacker.SmartBar
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\33906InstEnd]
[HKCU\Software\45914InstEnd]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\Nimbuzz]
[HKCU\Software\Softlock]
[HKCU\Software\System32]
[HKLM\Software\Email Notifier]
[HKLM\Software\VBMZ] =>PUP.Duuqu
~ Key Software: 218 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24/11/2013 - 10:59:20 - [5,107] ----D C:\Program Files\Free Shortcut Remover
O43 - CFD: 28/07/2012 - 14:23:03 - [693,310] -SH-D C:\Program Files\MSOffice2o1OSetup____
O43 - CFD: 28/07/2012 - 15:56:32 - [37,544] ----D C:\Program Files\Nimbuzz
O43 - CFD: 14/10/2012 - 21:33:31 - [1,899] ----D C:\Program Files\RasWin
O43 - CFD: 18/07/2013 - 21:46:39 - [1,637] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 14/10/2012 - 21:35:34 - [0] ----D C:\Users\compurama\AppData\Roaming\RasWin
O43 - CFD: 28/07/2012 - 15:56:36 - [0] ----D C:\Users\compurama\AppData\Local\nimbuzz
~ Program Folder: 163 Legitimates Filtered in 04mn 26s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.152622A606D8D88F884BEC09D61E6177] - 12/12/2013 - 00:03:49 ----- . (...) -- C:\bootsqm.dat [9928]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 15/12/2013 - 09:01:19 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.BD725DAEE2DDA17B57FA60C6752856E5] - 15/12/2013 - 09:03:26 ---A- . (...) -- C:\Windows\IE11_main.log [41650]
O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16848]
O44 - LFC:[MD5.B207C591F992ECB90749852B11901618] - 16/12/2013 - 19:17:33 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16848]
O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O44 - LFC:[MD5.01D2CE37F5D17D097C90396394CECE05] - 17/12/2013 - 08:23:22 ---A- . (...) -- C:\Windows\ntbtlog.txt [1271996]
~ Files: 405 Legitimates Filtered in 00mn 33s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 16/12/2013 - 20:37:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 16/12/2013 - 20:37:10 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624]
O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 21/10/2010 - 02:03:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys [56832]
O58 - SDL:[MD5.FE844CD09B2F84392A2760D79660605C] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys.bak [56832]
O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 25/08/2010 - 07:11:08 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys [57856]
O58 - SDL:[MD5.ADED85AE02AEF0B082FC882348328244] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdsne86.sys.bak [57856]
O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 21/10/2010 - 05:27:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys [44544]
O58 - SDL:[MD5.CFB021E821301253AEA241863A90CBFE] - 16/12/2013 - 20:37:29 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys.bak [44544]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 16/12/2013 - 20:37:34 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 16/12/2013 - 20:36:05 ---A- . (...) -- C:\Windows\System32\TrueSight.sys [26624]
~ Drivers: 18 Legitimates Filtered in 00mn 06s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <RasWin.Script>[HKLM\..\open\Command] (...) -- C:\Program Files\RasWin\RasWin.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Beamrise.P5NQ3AGNQVKKYNQE7R4YJ4BVZM> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\compurama\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.95F4B9D795797BB9860A26184B902E2B] [SPRF][28/07/2012] (.S.a.c.c - Fix Setup.) -- C:\Users\compurama\AppData\Local\Fix.exe [1261446]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\klmtyzno.dll [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\odwtvdej.dll [0]
[MD5.2397D29D372A1451E1A592717E957C1D] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\q91isrhh.dll [73728]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][16/12/2013] (...) -- C:\Users\compurama\AppData\Local\Temp\sebwvkt2.dll [0]
[MD5.4E2CBDA04D6447BE39403A820685F809] [SPRF][27/02/2013] (.Hamamatsu - This installer database contains the logic and data required to install NDP.view 2..) -- C:\Users\compurama\Desktop\NDP.view 2 Setup.exe [10918520]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E2BA41B5-F9D0-494B-B9FB-01B22330B88A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{3493B2B6-0322-4DB2-B0A4-D0B10060F4E9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "TCP Query User{A36282DA-3888-46EC-A828-13C959C1A7AF}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "UDP Query User{17171805-1968-480D-9F1C-7AF46A574605}C:\program files\relevantknowledge\rlvknlg.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\relevantknowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{C8790DE2-CA6F-4F74-9314-23514C8612BA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{DA2763A1-8134-4047-82C3-956E090813DF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
~ Firewall: 227 Legitimates Filtered in 00mn 01s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "BD721A2AD50C521488FDAAAEA97D2FDF" . (.NDP.view 2.) -- C:\Windows\Installer\{A2A127DB-C05D-4125-88DF-AAEA9AD7F2FD}\NDPView2_2.exe
~ Update Products: 76 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.5D04C553F649371A4DDA2ECD5335BF3D] [WIS][08/01/2013] (.Hamamatsu - NDP.view 2.) -- C:\Windows\Installer\2185d193.msi [1196032]
~ WIS: 79 Legitimates Filtered in 00mn 12s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 06/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 16s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9726F9E3-EE13-4601-B2AF-81B1413BD8AF}] =>Hijacker.SmartBar^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98c3cefd-7b2b-4d84-97f8-fbc47d718314}] =>Hijacker.SmartBar^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411172}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_43 =>PUP.Eorezo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:mystart_ad =>Spyware.VMNToolbar^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\firefox@glindorus.net =>PUP.Glindorus^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\jid1-FCM5fDwCW5M3AQ@jetpack =>Spyware.SmartDisplay^
C:\Users\compurama\AppData\Roaming\Mozilla\Firefox\Profiles\q8gatwd4.default\extensions\{a3ea9bd3-d370-8618-a451-3c149afaef88} =>Hijacker.SmartBar^
C:\ProgramData\InstallMate =>PUP.Tarma^
O4 - HKLM\..\Run: [tuto4pc_fr_43] Orphan key =>PUP.Eorezo^
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Orphan key =>Toolbar.Conduit^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
~ Additionnel Scan: 274109 Items scanned in 00mn 24s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay =>Spyware.SmartDisplay
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise
~ http://nicolascoolman.webs.com/apps/blog/show/28040039-pup-certifiedtoolbar =>PUP.CertifiedToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27456165-adware-relevantknowledge =>Adware.RelevantKnowledge
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 16 link(s) detected in 00mn 24s



~ 1422 Legitimates filtered by white list
End of the scan (525 lines in 06mn 21s)(0)
0
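The two O4 lines in the report above flag Run values as "Orphan key": autorun entries whose command line still exists in the registry although the program it points to is gone, which is typical leftover after a PUP has been partly removed. As an added example that is not part of this thread and not code from ZHPDiag or its author, the following read-only PowerShell script lists the same Run/RunOnce keys and marks any value whose target executable no longer exists on disk. The key list, the `Get-ExecutableFromCommandLine` helper and the regular expression used to split a command line are my own assumptions about how such values are usually laid out.

```powershell
# Added example (not from the thread or from ZHPDiag): audit the Run/RunOnce
# autorun keys that ZHPDiag reports as O4 entries and flag "orphan" values,
# i.e. entries whose command line points to an executable that no longer exists.
# Read-only: nothing is deleted. Run it in an elevated PowerShell session.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit view on 64-bit Windows; harmless on a 32-bit machine like this one
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Properties PowerShell adds to every registry item; they are not autorun values.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExecutableFromCommandLine {
    # Assumption: a Run value is either "quoted path" [args] or an unquoted
    # path ending in .exe followed by optional arguments.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    # Fallback: first whitespace-delimited token
    return ($cmd -split '\s+')[0]
}

function Get-AutorunAudit {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $exe = Get-ExecutableFromCommandLine -CommandLine ([string]$p.Value)
            $present = ($exe -ne '') -and (Test-Path -LiteralPath $exe)
            New-Object -TypeName PSObject -Property @{
                Key    = $key
                Name   = $p.Name
                Target = $exe
                Status = $(if ($present) { 'present' } else { 'ORPHAN' })
            }
        }
    }
}

# Orphan entries first, so leftovers such as the report's tuto4pc_fr_43 stand out.
Get-AutorunAudit | Sort-Object Status, Key, Name | Select-Object Status, Name, Target, Key | Format-Table -AutoSize
```

One caveat a triager should keep in mind: an entry such as `rundll32.exe some.dll,Entry` is reported as present because `rundll32.exe` exists even when the DLL it loads does not, so the ORPHAN column is a starting point for review, not a verdict. Entries found here are also only the Run/RunOnce keys; services, scheduled tasks and browser extensions such as the Firefox profile entries in the report are not covered by this script.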
suz1990 Posts 13 Registration date Sunday 24 November 2013 Status Member Last seen 17 December 2013
17 Dec. 2013 at 09:26
So I ran all these scans in the computer's ''safe mode''. As a result, this morning I can't even start the computer in ''normal'' mode any more: it gives me an error message saying the Malwarebytes scan did not run properly, and then a black screen! Help please, I don't know what is happening to this computer any more! :S
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last seen 16 June 2021 1 318
Edited by Fish66 on 17/12/2013 at 11:51
Hello,
1/
Download: AdwCleaner (thanks to Xplode)
Launch AdwCleaner
Click Scan then Clean, and wait while the cleaning runs.
Post the report that appears at the end of the scan.
(The report is also saved under C:\AdwCleaner\AdwCleaner[x].txt)

2/
* Download RogueKiller (by tigzy) to the desktop
https://www.luanagames.com/index.fr.html

* (Under Vista/Seven, right-click and run as administrator)
* Close all your running programs
* Launch RogueKiller.exe

If the infection blocks the program, relaunch it several times or rename it to winlogon.exe

* Let the prescan finish, then click Scan

* Click Report to open it, then copy/paste it into your next message

@+



¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0