Awesomehp

alain3164 Messages postés 5 Statut Membre -  
kingk06 Messages postés 10790 Statut Membre -
Bonjour,
J'ai besoin de votre aide

Vous avez ci-dessous le rapport ZHPdiag. Merci de votre aide.

~ Lancé par jean-pierre (02/02/2014 11:57:12)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.102

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8TFF7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 17
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3939 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 824 GB (93%) free of 880 GB

---\\ Mode de connexion au système
~ Computer Name: JEAN-PIERRE-PC
~ User Name: jean-pierre
~ All Users Names: jean-pierre, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-pierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-pierre\AppData\Roaming\
~ %Desktop% : C:\Users\jean-pierre\Desktop\
~ %Favorites% : C:\Users\jean-pierre\Favorites\
~ %LocalAppData% : C:\Users\jean-pierre\AppData\Local\
~ %StartMenu% : C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 824 Go of 880 Go)
D: Hard drive, Flash drive, Thumb drive (Free 16 Go of 50 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2016
~ Mes musiques (My Musics) : 1/56
~ Mes Videos (My Videos) : 1/95
~ Mes Favoris (My Favorites) : 1/135
~ Mes Documents (My Documents) : 3/2388
~ Mon Bureau (My Desktop) : 1/30
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 01s

---\\ Processus lancés
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4576] =>Toolbar.Google
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.4676]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.4852]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4944]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.4952]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3940]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1224]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1808]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2328]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2920]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3048]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2212]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3436]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.3196]
[MD5.1584DEEAE5AA0E3FB045F3D0EAC585EA] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.2856]
[MD5.FC43877B4625F6EB773C98233EB625C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3908]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.awesomehp.com =>PUP.Awesomehp
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.awesomehp.com =>PUP.Awesomehp
G2 - GCE: Preference [User Data\Default] [aaaaimdcedbpbcjjbbnfcbbjcngmomic] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [ajakpekbmnkgnjbpajgkdhimcbeoocam] Savings Wizard v.1.0, (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Activé)
~ Google Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\prefs.js
C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\user.js
C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\prefs.js
C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\user.js
M3 - MFPP: Plugins - [jean-pierre] -- C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [jean-pierre] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\awesomehp.xml =>PUP.Awesomehp
M2 - MFEP: prefs.js [jean-pierre - nbjapirm.default\{090AF4A1-CDA6-D91F-096A-378C214EE20C}] [] Savings Wizard v1.0 (..)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
O1 - Hosts: 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FlvPlayer.lnk . (...) -- C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Obtenir une assistance logicielle complète de Lexmark.LNK - Clé orpheline
O4 - GS\Program [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\Program [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Public]: Home Cinema.lnk . (.CyberLink Corp. - CyberLink PowerStarter Main Program.) -- C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [jean-pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [jean-pierre]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\SystemTools [jean-pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [jean-pierre]: Nettoyez votre registre gratuitement!.lnk - Clé orpheline
~ Global Startup: 74 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\RunOnce: [MedionReminder] . (.CyberLink - PowerRecover.) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\\KiesTrayAgent.exe =>.Samsung Electronics Co
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: eBay.fr [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Program Files\Internet Explorer\Custom\eBay.ico =>Toolbar.eBay
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Firefox Packages - (...) [HKCU][64Bits] -- Firefox Packages
O42 - Logiciel: Qtrax Music Downloader Packages - (...) [HKCU][64Bits] -- Qtrax Music Downloader Packages =>P2P.Qtrax
~ Logic: 22 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\UpdaterEX] =>PUP.Dealply
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\Savings Wizard]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 275 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/02/2014 - 20:08:05 - [0,489] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 01/02/2014 - 20:30:39 - [0] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 01/02/2014 - 20:07:58 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 15/06/2013 - 12:50:48 - [1,063] ----D C:\Users\jean-pierre\AppData\Roaming\0F0C1V0F1L1I1P0E2V2Z1C1T1R2Z1F1C
O43 - CFD: 01/02/2014 - 19:58:38 - [1,063] ----D C:\Users\jean-pierre\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
O43 - CFD: 01/02/2014 - 20:06:37 - [1,224] ----D C:\Users\jean-pierre\AppData\Local\genienext
O43 - CFD: 30/11/2011 - 21:43:55 - [0,001] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
~ 12 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 208 Legitimates Filtered in 00mn 13s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1667A0F0E7161176DB6AB4ECACF4E307] - 25/01/2014 - 19:53:04 ---A- . (...) -- C:\aqua_bitmap.cpp [2006]
O44 - LFC:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 25/01/2014 - 19:56:07 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
~ Files: 28 Legitimates Filtered in 00mn 04s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DFF7F3645CC4911CFE5950F5587C51DB] - 01/02/2014 - 15:21:46 ---A- - C:\Windows\Prefetch\FLVPLAYERAPP.EXE-6C7852C8.pf
O45 - LFCP:[MD5.AD66A4139F91AB1C9227D2897407CB60] - 01/02/2014 - 19:54:36 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-538569DB.pf =>PUP.Wajam
O45 - LFCP:[MD5.2E3BFE1AA0F6B4571E544C878C0754FB] - 01/02/2014 - 19:55:03 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-ADF8ADFE.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.60A9796B78EF44C0079CEE03030BEDD4] - 01/02/2014 - 19:55:04 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-2237DDD2.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.D87010EA464AD5B3ACB108D44749698B] - 01/02/2014 - 19:57:13 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-767FB1AE.pf
O45 - LFCP:[MD5.17064AD128FC11E484DEB5C7D4A3F2A5] - 02/02/2014 - 08:41:08 ---A- - C:\Windows\Prefetch\OLICENSEHEARTBEAT.EXE-3846C330.pf
O45 - LFCP:[MD5.19A6E2993A1B39C4F12E7201DEA0AF9C] - 02/02/2014 - 10:33:58 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
O45 - LFCP:[MD5.453746A13FD0C6DD64B2710212CEC275] - 30/01/2014 - 17:50:44 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-752CACB7.pf
O45 - LFCP:[MD5.41CA3086DCBFAB971421C8C962DFD63F] - 31/01/2014 - 16:21:10 ---A- - C:\Windows\Prefetch\REMINDER.EXE-41D2E779.pf
O45 - LFCP:[MD5.C4BC25887785FD1266768E6DE6B8104D] - 31/01/2014 - 16:21:21 ---A- - C:\Windows\Prefetch\F14B85A2-8C21-419A-A9F7-EC95D-C4163624.pf
O45 - LFCP:[MD5.00B1FD6502986D0D95EC1C2B9D50116C] - 31/01/2014 - 19:36:05 ---A- - C:\Windows\Prefetch\VSPDFPRSRV.EXE-651D9655.pf
~ Prefetcher: 113 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 26/11/2013 - 16:39:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 19/01/2014 - 22:06:28 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.FFCCD922F305B8CFBA8D99F65E35EDD7] - 22/12/2009 - 03:31:04 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [20568]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] - 30/04/2013 - 09:51:09 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40616]
O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 22/12/2009 - 03:31:26 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:[MD5.4F63FF698DC72EC2EC0262427F8B53CB] - 22/12/2009 - 03:31:02 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136]
O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 22/12/2009 - 03:31:26 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 16 Legitimates Filtered in 00mn 04s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/02/2014 - 11:58:05 ---A- . (...) -- C:\Users\jean-pierre\.android\adbkey [1704]
O61 - LFC: 01/02/2014 - 11:58:05 ---A- . (...) -- C:\Users\jean-pierre\.android\adbkey.pub [716]
O61 - LFC: 01/02/2014 - 11:58:11 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 01/02/2014 - 11:58:11 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 01/02/2014 - 11:58:29 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\HOSTS.txt [871] =>.Nicolas Coolman
O61 - LFC: 01/02/2014 - 11:58:31 ---A- . (...) -- C:\Users\jean-pierre\daemonprocess.txt [0]
O61 - LFC: 02/02/2014 - 11:58:06 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 02/02/2014 - 11:58:11 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Local State [57561]
O61 - LFC: 02/02/2014 - 11:58:11 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar\broker_metrics.xml [6103]
O61 - LFC: 02/02/2014 - 11:58:29 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\Log.txt [99925] =>.Nicolas Coolman
O61 - LFC: 02/02/2014 - 11:58:29 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\TestsZHPDiag.txt [3041] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 11:58:27 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\PDF Pro 10\settings.xml [2213]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 1561 Legitimates Filtered in 00mn 29s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.awesomehp.com =>PUP.Awesomehp
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.awesomehp.com =>PUP.Awesomehp
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 75ED7D0EB0BC4BB9B6C3732714C6D6EE - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] F568FB0C2A354EF48EA23B30A741A761 - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {15040F32-1CFC-096C-3936-5162CE978470} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FEC17D5FB09A03376D3AA204C65562A7] [SPRF][25/10/2013] (...) -- C:\Users\jean-pierre\Desktop\sqlite3.dll [362029]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 243 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 248 Legitimates Filtered in 00mn 12s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 17/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 22/12/2009 117584 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/03/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/04/2010 1052328 | (lxea_device) . (...) - C:\Windows\system32\lxeacoms.exe
SR - | Auto 28/09/2011 25824 | (MemeoBackgroundService) . (.Memeo.) - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 11/03/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by jean-pierre at 02/02/2014 11:59:07
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jean-pierre at 02/02/2014 11:59:09

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 33
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic] =>PUP.MoviesToolbar^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Qtrax Music Downloader Packages] =>P2P.Qtrax^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite] =>Adware.ScanQuery
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
[HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic =>PUP.MoviesToolbar^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKCU\Software\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 243685 Items scanned in 00mn 43s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/30990124-adware-scanquery =>Adware.ScanQuery
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 16 link(s) detected in 00mn 43s

~ 2967 Legitimates filtered by white list
End of the scan (567 lines in 02mn 41s)(0)

5 réponses

  1. kingk06 Messages postés 10790 Statut Membre 536
     
    bonjour,

    Tu as des adwares fais ce qui suit, dans l'ordre

    1)Télécharge ==> AdwCleaner (de Xplode) sur ton bureau

    Double-clique sur l'icône présente sur ton bureau pour le lancer (Vista/7/8 --> Clic droit et "Exécuter en tant qu'administrateur")
    Clique sur le bouton "Scanner"

    Lorsque l'analyse est terminée, il est indiqué "En attente. Veuillez décocher les éléments...." au dessus de la barre de progression
    Clique sur le bouton Nettoyer

    Accepte le message de fermeture des applications

    Valide, après lecture, la fenêtre d'information sur les PUP/LPI
    Accepte le message de redémarrage

    Patiente durant la suppression
    Le PC va redémarrer et un rapport s'ouvrira automatiquement dans le bloc-notes après redémarrage Copie/colle son contenu dans ta prochaine réponse

    Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

    ___________________________________________________________>>>

    On va utiliser un outil en complément à Adwcleaner:

    ==> 2) Télécharge ici ==>Junkware Removal Tool

    si ça marche pas lien direct ici => http://thisisudax.org/downloads/JRT.exe

    ==> (ne clique pas sur télécharger, le téléchargement va débuter automatiquement)

    ==> Enregistre-le sur ton bureau.

    ==> Ferme toutes les applications en cours.

    ==> Ouvre JRT.exe et appuie sur Entrée : si tu es sous Windows Vista, 7 ou 8, ouvre-le en faisant : clic droit => Exécuter en tant qu'administrateur.

    ==> Patiente le temps que l'outil travaille : le bureau va disparaître quelques instants, c'est tout à fait normal.

    -> À la fin de l'analyse, un rapport nommé JRT.txt va s'ouvrir. Héberge-le comme ceci http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html et poste le lien obtenu dans ta prochaine réponse.si le premier lien ne marche pas ici => http://pjjoint.malekal.com/

    ==>Tutoriel :=> ICI JRT

    ==> Aide JRT ici <==
    0
    1. alain3164 Messages postés 5 Statut Membre
       
      Bonsoir et merci encore pour ton aide.
      Tu as ci dessous les rapports que tu m'as demandé. et encore une fois merci.

      Rapport AdwCleaner
      # AdwCleaner v3.018 - Rapport créé le 12/02/2014 à 18:58:39
      # Mis à jour le 28/01/2014 par Xplode
      # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Nom d'utilisateur : jean-pierre - JEAN-PIERRE-PC
      # Exécuté depuis : C:\Users\jean-pierre\Downloads\adwcleaner.exe
      # Option : Nettoyer

      ***** [ Services ] *****


      ***** [ Fichiers / Dossiers ] *****

      Dossier Supprimé : C:\Program Files (x86)\Nosibay
      Dossier Supprimé : C:\Program Files (x86)\PC Speed Maximizer
      Dossier Supprimé : C:\Users\jean-pierre\AppData\Roaming\Nosibay
      Dossier Supprimé : C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
      Dossier Supprimé : C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
      Fichier Supprimé : C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\searchplugins\bingp.xml
      Fichier Supprimé : C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\user.js

      ***** [ Raccourcis ] *****


      ***** [ Registre ] *****

      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
      Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
      Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
      Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
      Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
      Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
      Clé Supprimée : HKCU\Software\lollipop
      Clé Supprimée : HKCU\Software\Nosibay
      Clé Supprimée : HKCU\Software\Webplayer
      Clé Supprimée : HKLM\Software\InstallCore

      ***** [ Navigateurs ] *****

      -\\ Internet Explorer v11.0.9600.16428

      Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

      -\\ Mozilla Firefox v27.0 (fr)

      [ Fichier : C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\prefs.js ]


      [ Fichier : C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\prefs.js ]


      -\\ Google Chrome v32.0.1700.107

      [ Fichier : C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [45803 octets] - [24/10/2013 19:20:07]
      AdwCleaner[R1].txt - [3945 octets] - [12/02/2014 18:57:37]
      AdwCleaner[S0].txt - [39546 octets] - [24/10/2013 19:21:12]
      AdwCleaner[S1].txt - [3454 octets] - [12/02/2014 18:58:39]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3514 octets] ##########

      Rapport Junkware Removal Tool

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.1 (02.04.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by jean-pierre on 12/02/2014 at 19:12:54,63
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values

      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
      Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F816170D-C994-4B74-B9A4-234C3838C9EB}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3259216411-87914992-101164176-1001\Software\sweetim
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111271165}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211701196}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531129}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}



      ~~~ Files

      Successfully deleted: [File] "C:\Users\jean-pierre\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



      ~~~ Folders

      Successfully deleted: [Folder] "C:\Users\jean-pierre\appdata\local\cre"
      Successfully deleted: [Folder] "C:\Users\jean-pierre\appdata\local\webplayer"
      Successfully deleted: [Folder] "C:\Users\jean-pierre\appdata\locallow\datamngr"
      Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
      Successfully deleted: [Folder] "C:\Users\jean-pierre\music\qtrax media library"
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{17933447-98E8-4072-9A30-3EE6BD6320CA}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{245D39FA-5E58-4F64-A46D-C88FAA9C8CF8}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{3304B5EB-728E-449E-956E-973F07D44F0B}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{3CB893DF-B4A9-4DD0-A9C0-83B7DE49AA3E}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{4BF75977-28CF-41FC-90EA-08E331424D4E}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{4EECD883-12BA-419A-877A-E81A13843849}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{5CEAF32F-F806-4EA3-B89A-EA757AD0240F}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{5DF28ACF-D145-421C-9E51-839B56318DF0}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{6D2EDB00-8DAA-4EF1-8907-8DC0EF8CB03B}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{87B7E455-792F-44AB-88B2-E9B5F87EF999}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{8C12C8F5-5993-4375-BB8F-972A0D3395AB}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{8F9781B3-616F-4CF5-88A0-5BD1FD2E0A31}
      Successfully deleted: [Empty Folder] C:\Users\jean-pierre\appdata\local\{AAAA805A-6460-4FAE-913F-47CCF436DC81}



      ~~~ FireFox

      Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\zulagames@zulagames.com
      Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\zulagames@zulagames.com
      Emptied folder: C:\Users\jean-pierre\AppData\Roaming\mozilla\firefox\profiles\nbjapirm.default\minidumps [31 files]



      ~~~ Chrome

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 12/02/2014 at 19:19:21,96
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      0
  2. kingk06 Messages postés 10790 Statut Membre 536
     
    ok ;)

    Ensuite Fais ceci ==>

    3)Télécharge =>> Malwarebytes'Antimalwares
    Procèdes à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware PRO"
    La mise à jour du programme va se faire directement ; si ce n'est pas le cas, clique sur Recherche de mises à jour

    ***Attention le scan peut durer assez longtemps environ 2h voire plus...***

    =>Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.<=

    => Fais une analyse complète en cliquant sur Exécuter un examen complet
    Sélectionne les lecteurs à analyser et clique sur Lancer l'examen
    L'analyse peut durer un certain temps

    Lorsque l'analyse est terminée,

    => clique sur OK puis sur Afficher les résultats

    ***/!\"IMPORTANT "Assure-toi que tout est coché et clique sur "Supprimer"la sélection puis sur "OK"/!\***


    Le bloc-note va s'ouvrir qui contiendra un rapport
    Copie (Ctrl+C)/Colle (Ctrl+V) le rapport dans ta prochaine réponse


    /!\ Il est possible que certains fichiers devront être supprimés au redémarrage du PC. Il faut le faire en cliquant sur Oui à la question posée

    pour retrouver le rapport ouvre MBAM +> onglet rapports/logs l Le dernier en date => image ICI==> onglet rapports/logs

    =>Si tu as besoin d'aide regarde ce tutoriel ==>ICI tutoriel<== ou là==> malware-tutoriel<==
    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
    (Garde Malwarebytes sur ton PC pour des scans réguliers de temps en temps)
    0
    1. alain3164 Messages postés 5 Statut Membre
       
      Bonsoir,

      Tu as ci-dessous le dernier rapport malwarebytes. Et merci encore pour ton aide.

      Malwarebytes Anti-Malware (Essai) 1.75.0.1300
      www.malwarebytes.org

      Version de la base de données: v2014.02.14.06

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.16518
      jean-pierre :: JEAN-PIERRE-PC [administrateur]

      Protection: Activé

      14/02/2014 17:52:51
      mbam-log-2014-02-14 (17-52-51).txt

      Type d'examen: Examen complet (C:\|D:\|E:\|G:\|Q:\|)
      Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
      Options d'examen désactivées: P2P
      Elément(s) analysé(s): 360002
      Temps écoulé: 35 minute(s), 57 seconde(s)

      Processus mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Module(s) mémoire détecté(s): 0
      (Aucun élément nuisible détecté)

      Clé(s) du Registre détectée(s): 3
      HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn (PUP.Optional.NewTab.A) -> Mis en quarantaine et supprimé avec succès.
      HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost (PUP.Optional.Bench.A) -> Mis en quarantaine et supprimé avec succès.
      HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Mis en quarantaine et supprimé avec succès.

      Valeur(s) du Registre détectée(s): 1
      HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Données: C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\extensions\lightningnewtab@gmail.com.xpi -> Mis en quarantaine et supprimé avec succès.

      Elément(s) de données du Registre détecté(s): 5
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Mauvais: (http://www.awesomehp.com/?type=hp&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
      HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Awesomehp.A) -> Mauvais: (C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN Bon: (iexplore.exe) -> Mis en quarantaine et réparé avec succès
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.Awesomehp.A) -> Mauvais: (https://www.google.com/webhp?gws_rd=ssl{searchTerms}) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Awesomehp.A) -> Mauvais: (http://www.awesomehp.com/?type=hp&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
      HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Mauvais: (http://www.awesomehp.com/?type=hp&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès

      Dossier(s) détecté(s): 3
      C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml (PUP.Optional.Lightning.A) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Mis en quarantaine et supprimé avec succès.

      Fichier(s) détecté(s): 30
      C:\AdwCleaner\Quarantine\C\Kreapixel\Webplayer\plugin.exe.vir (PUP.Optional.Bundler) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.BonanzaDeals.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Pricora\Pricora-helper.exe.vir (PUP.Optional.CrossRider) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\updateWhilokii.exe.vir (PUP.Optional.Whilokii.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Users\jean-pierre\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.MySearchDial.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir (PUP.Optional.InstallBrain.A) -> Mis en quarantaine et supprimé avec succès.
      C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir (PUP.Optional.Perion) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe (PUP.Optional.InstallCore) -> Mis en quarantaine et supprimé avec succès.
      C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\jean-pierre\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\jean-pierre\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip (PUP.Optional.NextLive.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\jean-pierre\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx (PUP.Optional.NewTab.A) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> Mis en quarantaine et supprimé avec succès.
      C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> Mis en quarantaine et supprimé avec succès.

      (fin)
      0
  3. kingk06 Messages postés 10790 Statut Membre 536
     
    Re,

    puis fais ceci =>

    Reparamètres tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
    Internet Explorer et modules complémentaires / moteurs de recherche

    tu vas réinitialiser internet-explorer =>
    https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

    tu vas réinitialiser Firefox comme ceci : http://www.forum-entraide-informatique.com/support/comment-reinitialiser-mozilla-firefox-t7746.html ou ici => https://www.malekal.com/reparer-firefox/?t=36057&start=

    Puis tu vas faire pareil pour Chrome même si tu ne t'en sers pas ! : http://www.forum-entraide-informatique.com/support/supprimer-des-profils-google-chrome-t7744.html ou ici => https://www.malekal.com/reparer-google-chrome/?t=35837&start=

    NOTE : Pour Firefox et Google Chrome - si rien ne va, il y a la possibilité de les désinstaller/réinstaller, voir liens explicatifs ci-dessus.

    Ou tu peux le faire automatiquement avec ce programme : https://forum.malekal.com/viewtopic.php?t=46433&start=
    Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés.
    =================================================

    puis=>

    pour contrôle refais un nouveau log ZHPDiag: exactement comme dans l'image joint:ICI ==> stp => https://www.cjoint.com/c/CJukFzALKYy
    Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

    Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés.
    0
    1. alain3164 Messages postés 5 Statut Membre
       
      Re bonsoir,

      Je t'adresse ci-dessous le rapport ZHPdiag. Lorsque j'ouvre internet explorer j'ai toujours la page Awesomehp.

      Merci encore pour ton aide.

      ~ Rapport de ZHPDiag v2014.2.12.10 - Nicolas Coolman (12/02/2014)
      ~ Lancé par jean-pierre (14/02/2014 18:55:32)
      ~ Adresse du Site Web https://nicolascoolman.webs.com/
      ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
      ~ Traduit par Nicolas Coolman
      ~ Etat de la version :
      ~ Liste blanche : Activée par le programme
      ~ Elévation des Privilèges : OK
      ~ User Account Control (UAC): Deactivate by program


      ---\\ Navigateurs Internet
      MSIE: Internet Explorer v11.0.9600.16518
      MFIE: Mozilla Firefox 27.0 (Defaut)
      GCIE: Google Chrome v32.0.1700.107

      ---\\ Informations sur les produits Windows
      ~ Langage: Français
      Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
      Windows Server License Manager Script : OK
      ~ Windows(R) 7, OEM_SLP channel
      System Locked Preinstallation (OEM_SLP) : OK
      Windows ID Activation : OK
      ~ Windows Partial Key : 8TFF7
      Windows License : OK
      ~ Windows Remaining Initializations Number : 3
      Software Protection Service (Protection logicielle) : OK
      Windows Automatic Updates : OK

      ---\\ Logiciels de protection du système
      avast! Free Antivirus v9.0.2013
      Malwarebytes Anti-Malware version 1.75.0.1300

      ---\\ Logiciels d'optimisation du système
      CCleaner v4.10 =>Piriform Ltd

      ---\\ Logiciels de partage PeerToPeer

      ---\\ Surveillance de Logiciels
      Adobe Flash Player 12 Plugin
      Adobe Reader XI
      Java 7 Update 17
      Java 7 Update 51

      ---\\ Informations sur le système
      ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
      ~ Operating System: 64 Bits
      Boot mode: Normal (Normal boot)
      Total RAM: 3939 MB (47% free)
      System Restore: Activé (Enable)
      System drive C: has 826 GB (93%) free of 880 GB

      ---\\ Mode de connexion au système
      ~ Computer Name: JEAN-PIERRE-PC
      ~ User Name: jean-pierre
      ~ All Users Names: jean-pierre, HomeGroupUser$, Administrateur,
      ~ Unselected Option: None
      Logged in as Administrator

      ---\\ Variables d'environnement
      ~ System Unit : C:\
      ~ %AppZHP% : C:\Users\jean-pierre\AppData\Roaming\ZHP\
      ~ %AppData% : C:\Users\jean-pierre\AppData\Roaming\
      ~ %Desktop% : C:\Users\jean-pierre\Desktop\
      ~ %Favorites% : C:\Users\jean-pierre\Favorites\
      ~ %LocalAppData% : C:\Users\jean-pierre\AppData\Local\
      ~ %StartMenu% : C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
      ~ %Windir% : C:\Windows\
      ~ %System% : C:\Windows\System32\

      ---\\ Enumération des unités disques
      C: Hard drive, Flash drive, Thumb drive (Free 826 Go of 880 Go)
      D: Hard drive, Flash drive, Thumb drive (Free 15 Go of 50 Go)
      E: CD-ROM drive (Not Inserted)
      G: Floppy drive, Flash card reader, USB Key (Not Inserted)
      Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



      ---\\ Etat du Centre de Sécurité Windows
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
      ~ Security Center: 44 Legitimates Filtered in 00mn 00s



      ---\\ Recherche particulière de fichiers génériques
      [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
      [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
      [MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
      [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
      [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
      [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
      [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
      [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
      [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
      [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
      [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
      [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
      [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
      [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
      [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
      [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
      [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
      [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
      [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
      [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
      [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
      ~ Generic Processes: Scanned in 00mn 00s



      ---\\ Etat des fichiers cachés (Caché/Total)
      ~ Mes images (My Pictures) : 1/2016
      ~ Mes musiques (My Musics) : 1/53
      ~ Mes Videos (My Videos) : 1/95
      ~ Mes Favoris (My Favorites) : 1/135
      ~ Mes Documents (My Documents) : 3/2394
      ~ Mon Bureau (My Desktop) : 1/33
      ~ Menu demarrer (Programs) : 1/28
      ~ Hidden Files: Scanned in 00mn 02s



      ---\\ Processus lancés
      [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1820]
      [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.5084] =>Toolbar.Google
      [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.4176]
      [MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.4760]
      [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4460]
      [MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.2604]
      [MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5208]
      [MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.6112]
      [MD5.00FCB1A620DAE030FBF2FD39C2F334CB] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe [1863048] [PID.5672]
      [MD5.516175BCB724F8501E7F8754C90ABB14] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336384] [PID.1208]
      [MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1328]
      [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1864]
      [MD5.F2E8CEFC8CF4D6454F4121C5FF93136A] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [193696] [PID.1888]
      [MD5.6ADDB884025A0D1BCC3AD66E9FC57EFF] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1970544] [PID.1964]
      [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1264]
      [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1436]
      [MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2112]
      [MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.3036]
      [MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2632]
      [MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.3260]
      [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3752]
      [MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6824]
      [MD5.1584DEEAE5AA0E3FB045F3D0EAC585EA] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.5732]
      [MD5.FC43877B4625F6EB773C98233EB625C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.6636]
      ~ Processes Running: Scanned in 00mn 01s



      ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
      C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
      G1 - GCS: Preference [User Data\Default] http://www.awesomehp.com =>PUP.Awesomehp
      G0 - GCSP: Preference [User Data\Default][HomePage] http://www.awesomehp.com =>PUP.Awesomehp
      G2 - GCE: Preference [User Data\Default] [ajakpekbmnkgnjbpajgkdhimcbeoocam] Savings Wizard v.1.0, (Activé)
      G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
      G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
      G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.0 (Activé)
      G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Activé)
      ~ Google Browser: 18 Legitimates Filtered in 00mn 00s



      ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
      C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\nbjapirm.default\prefs.js
      C:\Users\jean-pierre\AppData\Roaming\Mozilla\Firefox\Profiles\xd1tkm86.default\prefs.js
      M2 - MFEP: prefs.js [jean-pierre - nbjapirm.default\{090AF4A1-CDA6-D91F-096A-378C214EE20C}] [] Savings Wizard v1.0 (..)
      ~ Firefox Browser: 13 Legitimates Filtered in 00mn 00s



      ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
      R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
      ~ IE Browser: 23 Legitimates Filtered in 00mn 00s



      ---\\ Internet Explorer, Proxy Management (R5)
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
      ~ Proxy management: Scanned in 00mn 00s



      ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
      F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
      F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
      F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Hosts file redirection (O1)
      O1 - Hosts: 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
      ~ Hosts File: Scanned in 00mn 00s
      ~ Nombre de lignes (Lines number): 23



      ---\\ Internet Explorer Toolbars (O3)
      O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
      O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
      O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
      ~ Toolbar: Scanned in 00mn 00s



      ---\\ Autres liens utilisateurs (O4)
      O4 - GS\Desktop [Public]: FlvPlayer.lnk . (...) -- C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe (.not file.)
      O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\Desktop [Public]: Obtenir une assistance logicielle complète de Lexmark.LNK - Clé orpheline
      O4 - GS\Program [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
      O4 - GS\Program [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\Program [Public]: Home Cinema.lnk . (.CyberLink Corp. - CyberLink PowerStarter Main Program.) -- C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
      O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\QuickLaunch [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\QuickLaunch [jean-pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\TaskBar [jean-pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O4 - GS\TaskBar [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\TaskBar [jean-pierre]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      O4 - GS\Program [jean-pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
      O4 - GS\SystemTools [jean-pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
      ~ Global Startup: 74 Legitimates Filtered in 00mn 02s



      ---\\ Applications lancées au démarrage du sytème (O4)
      O4 - HKLM\..\RunOnce: [MedionReminder] . (.CyberLink - PowerRecover.) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
      O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
      O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
      O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
      O4 - HKCU\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\\KiesTrayAgent.exe =>.Samsung Electronics Co
      O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
      O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
      O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
      O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
      O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean-pierre\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
      O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
      O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
      O4 - HKUS\S-1-5-21-3259216411-87914992-101164176-1001\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\\KiesTrayAgent.exe =>.Samsung Electronics Co
      ~ Application: Scanned in 00mn 00s



      ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
      O9 - Extra button: eBay.fr [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Program Files\Internet Explorer\Custom\eBay.ico =>Toolbar.eBay
      O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
      O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
      O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
      ~ IE Extra Buttons: Scanned in 00mn 00s



      ---\\ Modification Domaine/Adresses DNS (O17)
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{8644234C-95A7-41DF-AFA3-30110ED8651A}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{F2A81608-1BE9-40C2-88FE-A03471EA26DC}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      ~ Domain: Scanned in 00mn 00s



      ---\\ Protocole additionnel (O18)
      O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
      O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
      ~ Protocole Additionnel: Scanned in 00mn 00s



      ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
      O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
      ~ Winlogon: Scanned in 00mn 00s



      ---\\ Liste des services NT non Microsoft et non désactivés (O23)
      O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
      O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      ~ Services: 17 Legitimates Filtered in 00mn 14s



      ---\\ Tâches planifiées en automatique (O39)
      [MD5.00000000000000000000000000000000] [APT] [PCRegistryShield_Popup] (...) -- C:\Program Files (x86)\PC Registry Shield\Splash.exe (.not file.) [0] =>Rogue.PCRegistryShield
      [MD5.00000000000000000000000000000000] [APT] [PCRegistryShield_Start] (...) -- C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe (.not file.) [0] =>Rogue.PCRegistryShield
      ~ Scheduled Task: 33 Legitimates Filtered in 00mn 07s



      ---\\ Logiciels installés (O42)
      O42 - Logiciel: Firefox Packages - (...) [HKCU][64Bits] -- Firefox Packages
      O42 - Logiciel: Qtrax Music Downloader Packages - (...) [HKCU][64Bits] -- Qtrax Music Downloader Packages =>P2P.Qtrax
      ~ Logic: 22 Legitimates Filtered in 00mn 00s



      ---\\ HKCU & HKLM Software Keys
      [HKCU\Software\ForumerIT] =>Toolbar.Forumer
      [HKCU\Software\PCRegistryShieldLanguage]
      [HKCU\Software\UpdaterEX] =>PUP.Dealply
      [HKLM\Software\Wow6432Node\Savings Wizard]
      [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
      [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
      [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
      ~ Key Software: 285 Legitimates Filtered in 00mn 00s



      ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
      O43 - CFD: 10/02/2014 - 15:56:33 - [0] ----D C:\Program Files (x86)\PC Registry Shield =>Rogue.PCRegistryShield
      O43 - CFD: 14/02/2014 - 18:44:32 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
      O43 - CFD: 01/02/2014 - 20:07:58 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
      O43 - CFD: 15/06/2013 - 12:50:48 - [1,063] ----D C:\Users\jean-pierre\AppData\Roaming\0F0C1V0F1L1I1P0E2V2Z1C1T1R2Z1F1C
      O43 - CFD: 01/02/2014 - 19:58:38 - [1,063] ----D C:\Users\jean-pierre\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
      O43 - CFD: 14/02/2014 - 18:44:32 - [0] ----D C:\Users\jean-pierre\AppData\Local\genienext
      O43 - CFD: 09/02/2014 - 10:20:49 - [0] ----D C:\Users\jean-pierre\AppData\Local\PCRegistryShield
      O43 - CFD: 30/11/2011 - 21:43:55 - [0,001] ----D C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor
      ~ Program Folder: 198 Legitimates Filtered in 00mn 16s



      ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
      O45 - LFCP:[MD5.2466615C78663531E5DDB788E3019402] - 12/02/2014 - 19:12:46 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-D94FAB33.pf
      O45 - LFCP:[MD5.6389608DC40BBE133B35C3EC412D7434] - 12/02/2014 - 19:12:46 ---A- - C:\Windows\Prefetch\WGET.DAT-410B285D.pf
      O45 - LFCP:[MD5.70882D9E1642398E1A3825FACF138705] - 12/02/2014 - 19:13:47 ---A- - C:\Windows\Prefetch\WGET.DAT-AD59F08D.pf
      O45 - LFCP:[MD5.0B5C7F1B388769DDE85E2A3CCBBDBE3B] - 12/02/2014 - 19:13:55 ---A- - C:\Windows\Prefetch\JRT.EXE-B349F86E.pf
      O45 - LFCP:[MD5.2108B1E21671C90A36920AB12621323C] - 12/02/2014 - 19:17:38 ---A- - C:\Windows\Prefetch\SORT.EXE-522F521C.pf
      O45 - LFCP:[MD5.685F7017B8E8DA2F678324A7A8E86456] - 12/02/2014 - 19:17:39 ---A- - C:\Windows\Prefetch\FC.EXE-F6221E79.pf
      O45 - LFCP:[MD5.1ABC3797E3E7FE4034DA5115744FFF43] - 12/02/2014 - 19:18:09 ---A- - C:\Windows\Prefetch\CUT.DAT-85DBF066.pf
      O45 - LFCP:[MD5.A17116CE9F1F25841983B21D744937A6] - 12/02/2014 - 19:18:19 ---A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf
      O45 - LFCP:[MD5.6CD8BF03D2BD4EE57F92B40F1C6BB7FA] - 12/02/2014 - 19:19:14 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-7943285E.pf
      O45 - LFCP:[MD5.B168BEA683E69FEA87EA278BB69CC420] - 12/02/2014 - 19:19:21 ---A- - C:\Windows\Prefetch\SED.DAT-09522796.pf
      O45 - LFCP:[MD5.3F038B360D0D0FBA1E98C9A9F84CFA5A] - 12/02/2014 - 19:19:22 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-7B96A063.pf
      O45 - LFCP:[MD5.65561F8AF719B842322AA2E68596510F] - 12/02/2014 - 20:13:33 ---A- - C:\Windows\Prefetch\REMINDER.EXE-41D2E779.pf
      O45 - LFCP:[MD5.68BA906D81F0A3FAE321DE10364F0A8F] - 13/02/2014 - 20:44:29 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
      O45 - LFCP:[MD5.FE10EDFE82482FAB1DFD1D03FC191B0C] - 14/02/2014 - 15:00:49 ---A- - C:\Windows\Prefetch\OLICENSEHEARTBEAT.EXE-3846C330.pf
      ~ Prefetcher: 141 Legitimates Filtered in 00mn 00s



      ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
      O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
      O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
      ~ MWPS: 18 Legitimates Filtered in 00mn 00s



      ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
      O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
      ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



      ---\\ Liste des pilotes du système (SDL) (O58)
      O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 26/11/2013 - 16:39:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
      O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 19/01/2014 - 22:06:28 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
      O58 - SDL:[MD5.FFCCD922F305B8CFBA8D99F65E35EDD7] - 22/12/2009 - 03:31:04 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [20568]
      O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
      O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
      O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
      O58 - SDL:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] - 30/04/2013 - 09:51:09 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40616]
      O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 22/12/2009 - 03:31:26 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
      O58 - SDL:[MD5.4F63FF698DC72EC2EC0262427F8B53CB] - 22/12/2009 - 03:31:02 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136]
      O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 22/12/2009 - 03:31:26 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
      ~ Drivers: 18 Legitimates Filtered in 00mn 02s



      ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
      O61 - LFC: 14/02/2014 - 18:56:44 ---A- . (...) -- C:\Users\jean-pierre\AppData\Local\Google\Toolbar\broker_metrics.xml [10500]
      O61 - LFC: 14/02/2014 - 18:56:57 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\Log.txt [125362] =>.Nicolas Coolman
      O61 - LFC: 14/02/2014 - 18:56:57 ---A- . (...) -- C:\Users\jean-pierre\AppData\Roaming\ZHP\TestsZHPDiag.txt [3041] =>.Nicolas Coolman
      ~ 1 Fichiers temporaires (Temporary files)
      ~ Files: 36 Legitimates Filtered in 00mn 22s



      ---\\ Liste des outils de désinfection (LATC) (O63)
      O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
      ~ ADS: Scanned in 00mn 00s



      ---\\ Menu de démarrage Internet (SMI) (O68)
      O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
      ~ Keys: Scanned in 00mn 00s



      ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
      O69 - SBI: SearchScopes [HKCU] 75ED7D0EB0BC4BB9B6C3732714C6D6EE - (Google) - https://www.google.com/?gws_rd=ssl
      O69 - SBI: SearchScopes [HKCU] F568FB0C2A354EF48EA23B30A741A761 - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
      O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
      O69 - SBI: SearchScopes [HKCU] {15040F32-1CFC-096C-3936-5162CE978470} - (Google) - https://www.google.com/?gws_rd=ssl
      O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
      ~ Keys: Scanned in 00mn 00s



      ---\\ Recherche particulière à la racine du système (SPRF) (O84)
      [MD5.FEC17D5FB09A03376D3AA204C65562A7] [SPRF][25/10/2013] (...) -- C:\Users\jean-pierre\Desktop\sqlite3.dll [362029]
      ~ Files: 1 Legitimates Filtered in 00mn 00s



      ---\\ Enumère les codes produits des logiciels (PUC) (O90)
      O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
      ~ Update Products: 245 Legitimates Filtered in 00mn 00s



      ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
      ~ WIS: 250 Legitimates Filtered in 00mn 18s



      ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
      SS - | Demand 05/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      SS - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
      SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      SS - | Auto 17/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      SS - | Demand 17/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
      SS - | Demand 04/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
      SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
      SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
      SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

      SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      SR - | Auto 10/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      SR - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
      SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
      SR - | Auto 17/10/2013 1970544 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
      SR - | Auto 22/12/2009 117584 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
      SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      SR - | Auto 11/03/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      SR - | Auto 14/04/2010 1052328 | (lxea_device) . (...) - C:\Windows\system32\lxeacoms.exe
      SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      SR - | Auto 28/09/2011 25824 | (MemeoBackgroundService) . (.Memeo.) - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
      SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
      SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      SR - | Auto 11/03/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
      SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

      ~ Services: Scanned in 00mn 19s



      ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
      Run by jean-pierre at 14/02/2014 18:57:43
      ~ OS 64 not supported by MBR tool

      ~ MBR: 0 Legitimates Filtered in 00mn 00s



      ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
      Written by ad13, http://ad13.geekstog
      Run by jean-pierre at 14/02/2014 18:57:46

      ********* Dump file Name *********
      C:\PhysicalDisk0_MBR.bin

      ~ MBR: Scanned in 00mn 02s



      ---\\ Scan Additionnel (O88)
      Database Version : 13031 - (12/02/2014)
      Clés trouvées (Keys found) : 5
      Valeurs trouvées (Values found) : 3
      Dossiers trouvés (Folders found) : 3
      Fichiers trouvés (Files found) : 6

      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCRegistryShield_Popup] =>Rogue.PCRegistryShield^
      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCRegistryShield_Start] =>Rogue.PCRegistryShield^
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Qtrax Music Downloader Packages] =>P2P.Qtrax^
      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite] =>Adware.ScanQuery
      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
      [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
      [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
      C:\Program Files (x86)\PC Registry Shield =>Rogue.PCRegistryShield^
      C:\Program Files (x86)\SupTab =>PUP.SupTab^
      C:\ProgramData\WPM =>PUP.WpManager^
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
      [HKCU\Software\ForumerIT] =>Toolbar.Forumer^
      [HKCU\Software\UpdaterEX] =>PUP.Dealply^
      [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
      [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
      [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
      ~ Additionnel Scan: 245977 Items scanned in 00mn 44s



      ---\\ Récapitulatif des détections trouvées sur votre station
      ~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
      ~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
      ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
      ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
      ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
      ~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
      ~ http://nicolascoolman.webs.com/apps/blog/show/30990124-adware-scanquery =>Adware.ScanQuery
      ~ MSI: 7 link(s) detected in 00mn 44s



      ~ 1522 Legitimates filtered by white list
      End of the scan (535 lines in 02mn 59s)(0)
      0
  4. kingk06 Messages postés 10790 Statut Membre 536
     
    puis fais ceci =>

    Utilisation de l'outil ZHPFix :

    /!\Ce script est exclusivement réservé à l'utilisateur actuel du sujet, vous ne devez en aucun cas l'utiliser de votre propre chef sur un autre pc, sous risque d'endommager le système /!\

    => Copie tout le texte existant dans le fichier hébergé :
    <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3BotBJ2zhpi.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner").

    => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue)
    (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur)

    => Une fois ZHPFix ouvert

    => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici

    clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données

    ==> laisse travailler l'outil et ne touche à rien ...

    ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !

    le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt .

    ==> Copie/colle la totalité du rapport dans ta prochaine réponse.
    ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse.

    ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt )

    Redémarre le PC et poste le rapport stp.

    tuto ici ==> ZHPFi

    ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider
    0
    1. alain3164 Messages postés 5 Statut Membre
       
      Bonsoir,

      Tu trouveras ci-dessous le dernier rapport. MERCI ENCORE POUR TON AIDE. : C'EST TRES SYMPA. JEAN PIERRE.

      Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
      Fichier d'export Registre :
      Run by jean-pierre at 15/02/2014 18:39:20
      High Elevated Privileges : OK
      Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

      Corbeille vidée (00mn 04s)
      Réparation des raccourcis navigateur

      ========== Processus mémoire ==========
      SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      SUPPRIMÉ: Memory Process: C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe

      ========== Clés du Registre ==========
      SUPPRIMÉ: HKCU\Software\UpdaterEX
      SUPPRIMÉ: HKLM\Software\Wow6432Node\Savings Wizard
      SUPPRIMÉ: HKLM\Software\Wow6432Node\Wpm
      SUPPRIMÉ: HKLM\Software\Wow6432Node\supTab
      SUPPRIMÉ: HKLM\Software\Wow6432Node\supWPM
      SUPPRIMÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
      SUPPRIMÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
      SUPPRIMÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Qtrax Music Downloader Packages
      SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
      SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}]
      SUPPRIMÉ: Service: Bonjour Service
      SUPPRIMÉ:* CLSID Extra Buttons: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}
      SUPPRIMÉ: HKCU\Software\ForumerIT
      SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\617DD6FF01B79624F991FF0BA74CDC59]
      SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\617DD6FF01B79624F991FF0BA74CDC59]
      SUPPRIMÉ: Service: BBUpdate
      SUPPRIMÉ: Service: BBSvc

      ========== Valeurs du Registre ==========
      SUPPRIMÉ RunValue: mobilegeni daemon
      SUPPRIMÉ MWPS Value: EnableUIADesktopToggle
      SUPPRIMÉ MWPS Value: FilterAdministratorToken
      SUPPRIMÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
      SUPPRIMÉ: Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f}
      SUPPRIMÉ RunValue: swg
      ProxyFix : Configuration proxy supprimée avec succès
      SUPPRIMÉ ProxyServer Value
      SUPPRIMÉ ProxyEnable Value
      SUPPRIMÉ EnableHttp1_1 Value
      SUPPRIMÉ ProxyHttp1.1 Value
      SUPPRIMÉ ProxyOverride Value
      Aucune Valeur Standard Profile: FirewallRaz :
      Aucune Valeur Domain Profile: FirewallRaz :
      SUPPRIMÉ: FirewallRaz (None) : {36834A2A-C42A-47B8-86E0-6EAB60FF5F9E}
      SUPPRIMÉ: FirewallRaz (None) : {3475A7CF-660D-49ED-8707-92818E19906B}

      ========== Eléments de donnée du Registre ==========
      SUPPRIMÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
      SUPPRIMÉ: R1 Search Page =
      REMPLACÉ Value NoActiveDesktopChanges : Good (0) - Bad (1)
      SUPPRIMÉ: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy

      ========== Préférences navigateur ==========
      PRESENT Chrome File: C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
      SUPPRIMÉ Chrome Site: http://www.awesomehp.com
      PRESENT Chrome File: C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
      ABSENT Chrome Site: http://www.awesomehp.com
      SUPPRIMÉ Folder Chrome: C:\Users\jean-pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam

      ========== Dossiers ==========
      SUPPRIMÉ: C:\Users\jean-pierre\AppData\Local\{490CA552-A384-4C6F-89FA-44508AA467DC}
      SUPPRIMÉS Temporaires Windows (12)

      ========== Fichiers ==========
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\jean-pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\jean-pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\jean-pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
      SUPPRIMÉ: c:\users\public\desktop\mozilla firefox.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\Public\Desktop\Mozilla Firefox.lnk
      SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\mozilla firefox.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\Users\jean-pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
      SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\google chrome.lnk ((http://www.awesomehp.com/?type=sc&ts=1391281520&from=amt&uid=ST1000DM003-9YN162_W1D0LCYNXXXXW1D0LCYN
      CRÉÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      SUPPRIMÉ: c:\users\jean-pierre\appdata\local\google\chrome\user data\default\preferences
      SUPPRIMÉ: c:\users\public\desktop\mozilla firefox.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\google chrome.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\mozilla firefox.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
      SUPPRIMÉ: c:\users\jean-pierre\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.awesomehp.com)
      SUPPRIMÉ Redémarrage: c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
      SUPPRIMÉ: c:\program files\internet explorer\custom\ebay.ico
      SUPPRIMÉ: c:\users\jean-pierre\appdata\local\google\toolbar\broker_metrics.xml
      SUPPRIMÉ: c:\users\public\desktop\flvplayer.lnk
      SUPPRIMÉS Flash Cookies (0) (0 octets)
      SUPPRIMÉS Temporaires Windows (7) (1 505 691 octets)

      ========== Fichier HOSTS ==========
      Le fichier Hosts n'est pas réparé, veuillez désactiver votre antivirus.

      ========== Tache planifiée ==========
      SUPPRIMÉ: PCRegistryShield_Popup
      SUPPRIMÉ: PCRegistryShield_Start
      SUPPRIMÉ: PCRegistryShield_Popup
      SUPPRIMÉ: PCRegistryShield_Start

      ========== Restauration Système ==========
      Point de restauration du système créé avec succès


      ========== Récapitulatif ==========
      2 : Processus mémoire
      17 : Clés du Registre
      16 : Valeurs du Registre
      4 : Eléments de donnée du Registre
      2 : Dossiers
      31 : Fichiers
      5 : Préférences navigateur
      1 : Fichier HOSTS
      4 : Tache planifiée
      1 : Restauration Système


      End of clean in 00mn 33s

      ========== Chemin de fichier rapport ==========
      C:\Users\jean-pierre\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/10/2013 17:45:05 [36022]
      C:\Users\jean-pierre\AppData\Roaming\ZHP\ZHPFix[R2].txt - 15/02/2014 18:39:25 [8234]
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kingk06 Messages postés 10790 Statut Membre 536
     
    Re,

    ok

    ==> As tu encore des soucis? - sinon on passe phase finale "Désinstallation des outils de désinfection" !
    0