liens + fenêtres indésirables, persistantes Fermé

Question

configuration: windows 7 pro

bonjours,

malgrés mes recherches sur les sujets résolus et mes nettoyages (: spybot+ malware en mode sans echec..+ antivirus "microsoft security essential" => résultat = no virus), mon ordinateur continue, quand je me connecte a internet de "laguer" bloquer, ou carrement de freeze, et de me spammer des fenetres et des liens en chaine.

à noter: ma seule protection activée et "microsoft security essential"..ce n' est peut-être pas suffisant.

je vous link le rapport zhp diag:
..............................................................................................
~ Rapport de ZHPDiag v2014.4.3.2 - Nicolas Coolman  (03.04.2014)
~ Lancé par Jean-Pierre (03.04.2014 14:48:39)
~ Adresse du Site Web  https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v32.0.1700.102

---\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\ Logiciels de protection du système
Microsoft Security Client v4.5.0216.0
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\ Logiciels d'optimisation du système
CCleaner v4.03  =>.Piriform Ltd

---\ Logiciels de partage PeerToPeer

---\ Surveillance de Logiciels
Adobe Flash Player 12 ActiveX
Adobe Reader XI
Java 7 Update 51

---\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3767.6 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 281 GB (60%) free of 466 GB

---\ Mode de connexion au système
~ Computer Name: JEAN-PIERRE-PC
~ User Name: Jean-Pierre
~ All Users Names: Jean-Pierre, HomeGroupUser$, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jean-Pierre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jean-Pierre\AppData\Roaming\
~ %Desktop% : C:\Users\Jean-Pierre\Desktop\
~ %Favorites% : C:\Users\Jean-Pierre\Favorites\
~ %LocalAppData% : C:\Users\Jean-Pierre\AppData\Local\
~ %StartMenu% : C:\Users\Jean-Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 281 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 127 Go of 244 Go)
E: Hard drive, Flash drive, Thumb drive (Free 149 Go of 222 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyDocs: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyMusic: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyPics: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center: 46 Scanned in 00mn 00s



---\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25.02.2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14.07.2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01.03.2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20.11.2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20.11.2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28.09.2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14.07.2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 10:23:20.) -- C:\Windows\system32\Drivers
etBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12.04.2013 - 15:45:08.) -- C:\Windows\system32\Drivers
tfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14.07.2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20.11.2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20.11.2010 - 12:06:41.) -- C:\Windows\system32\Driversdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 10:21:56.) -- C:\Windows\system32\Drivers	dx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25.02.2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes:  Scanned in 00mn 00s



---\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/368
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/116
~ Mes Documents (My Documents) : 3/99
~ Mon Bureau (My Desktop) : 1/270
~ Menu demarrer (Programs) : 1/36
~ Hidden Files:  Scanned in 00mn 00s



---\ Processus lancés
[MD5.B96D0EF94EEA9324DFFEA8C8E3130E2F] - (...) -- C:\Program Files (x86)\Pass-Widget-soft\PassWidget_wd.exe   [93696] [PID.1876]  =>PUP.PassWidget
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe   [5624784] [PID.2196]
[MD5.3A3BEA53F039CE2E997A918E26E30B1D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [808152] [PID.3924]
[MD5.CC02FE4520CA886508069245D9A6962F] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe   [222720] [PID.28664]
[MD5.E75DA1FAAFC9B69CCD0940F95C9D1CF7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8182272] [PID.32940]
[MD5.22BA7E3D7D6CBBE2D5171FA017BAA117] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe   [508016] [PID.1276]  =>Trojan.SProtector
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [136176] [PID.1960]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.2544]
[MD5.5B7DE9D87B9D2713BDD6A53678DC2A49] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe   [166720] [PID.2700]
[MD5.EB2516CD1621D36296C4B236F903CF2A] - (...) -- C:\Program Files (x86)\Pass-Widget-soft\PassWidget157.exe   [196096] [PID.2788]  =>PUP.PassWidget
[MD5.A0937771070BF59468B4939DD0AE59FD] - (.PC Tools - StartMan Application.) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe   [793048] [PID.2824]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe   [3921880] [PID.2876]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe   [1042272] [PID.2252]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe   [171416] [PID.2396]
[MD5.E70FD0D2C95F559A17321D831875593D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [277824] [PID.1568]
[MD5.C485FB802F6C4A306B8F89BA087E5CA2] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe   [365376] [PID.3976]
~ Processes Running:  Scanned in 00mn 00s



---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jean-Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] https://www.google.com/?gws_rd=ssl  =>PUP.SweetPage
G0 - GCSP: Preference [User Data\Default][HomePage] http://securedsearch2.lavasoft.com

---\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 2 Scanned in 00mn 00s



---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30214.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30214.0
pctrl.dll
P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Findwide - npAPI Ghost Plugin.) -- C:\Users\Jean-Pierre\AppData\Local\TNT2\2.0.0.1746
pTNT2ghost.dll
P2 - FPN: [HKCU] [@tnt2npapi.com/Plugin] - (.Findwide - npAPI Plugin.) -- C:\Users\Jean-Pierre\AppData\Local\TNT2\2.0.0.1746
pTNT2.dll
~ Firefox Browser: 3 Scanned in 00mn 00s



---\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.findwide.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.16428 (winblue_gdr.131013-1700)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 19 Scanned in 00mn 00s



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828   =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\ Hosts file redirection (O1)
O1 - Hosts: 54.225.95.126 gpccbgnnmhlpdilognneiahbojndgchh
Votre fichier Hosts comporte 15518 adresses détournées
~ Hosts File:  Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 15518



---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: shoepndrop [64Bits] - {1C7C2708-21FF-4C47-4F8A-E556CE62AB8C} . (...) -- C:\ProgramData\shoepndrop\1H.dll  =>PUP.ShopDrope
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll  =>PUP.SupTab
O2 - BHO: HtimlConverttor [64Bits] - {84213CB0-769E-3B91-90CD-7329CC666A50} . (...) -- C:\ProgramData\HtimlConverttor\ALDYY9g.dll
O2 - BHO: SeaRRch-NewTab [64Bits] - {B10D1F1D-AD23-5B06-E203-BFADCBCF0608} . (...) -- C:\Program Files (x86)\SeaRRch-NewTab\oBU.dll  =>Adware.FastSaveApp
O2 - BHO: SafewEb [64Bits] - {E14B5213-F1F3-336D-8FB1-294053C9F071} . (...) -- C:\Program Files (x86)\SafewEb\bI2fvJ7RM.dll  =>PUP.SafeWeb
O2 - BHO: SaveRPro [64Bits] - {784C359F-0EE2-AE23-10B9-6A967A217517} Clé orpheline
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll  =>Toolbar.Google
~ BHO: 12 Scanned in 00mn 00s



---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D629FDE2-1C75-40B2-9B20-CE72D3A430AF} Clé orpheline
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll  =>Toolbar.Google
O3 - Toolbar: (no name) - [HKLM]{1D852BF5-42E4-4C18-9AD8-9FC0DBDFFC51} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{d1dac034-9fd9-4c13-a388-d2e10e57707f} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Deluge.lnk . (...)  -- C:\Program Files (x86)\Deluge\deluge.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe https://www.google.com/?gws_rd=ssl  =>PUP.SweetPage
O4 - GS\Desktop [Public]: Play League of Legends.lnk . (...)  -- C:\Riot Games\League of Legends\lol.launcher.exe
O4 - GS\Desktop [Public]: Skype.lnk . (...)  -- C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
O4 - GS\Desktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player 2.1.2.)  -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe   =>.VideoLAN
O4 - GS\Program [Public]: Adobe Reader XI.lnk . (...)  -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico 
O4 - GS\Program [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.)  -- C:\Windows\ehome\ehshell.exe   =>.Microsoft Corporation
O4 - GS\Program [Public]: Microsoft Security Essentials.lnk . (...)  -- C:\Program Files (x86)\Microsoft Security Client\msseces.exe (.not file.)
O4 - GS\Program [Public]: Sidebar.lnk . (.Microsoft Corporation - Gadgets du Bureau Windows.)  -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe   =>.Microsoft Corporation
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.)  -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe 
O4 - GS\Program [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Interface utilisateur de Mise à niveau expr.)  -- C:\Windows\system32\WindowsAnytimeUpgradeUI.exe 
O4 - GS\Program [Public]: Windows DVD Maker.lnk . (...)  -- C:\Program Files (x86)\DVD Maker\DVDMaker.exe (.not file.)
O4 - GS\Program [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe   =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe   =>.Microsoft Corporation
O4 - GS\Program [Public]: XPS Viewer.lnk . (.Microsoft Corporation - Visionneuse XPS.)  -- C:\Windows\system32\xpsrchvw.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.)  -- C:\Windows\system32\calc.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Afficher le commutateur.)  -- C:\Windows\system32\displayswitch.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Accessoire du panneau de saisie mathématiqu.)  -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.)  -- C:\Windows\system32\mblctr.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.)  -- C:\Windows\system32\NetProj.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.)  -- C:\Windows\system32\mspaint.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Connexion Bureau à distance.)  -- C:\Windows\system32\mstsc.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.)  -- C:\Windows\system32\SnippingTool.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Magnétophone Windows.)  -- C:\Windows\system32\SoundRecorder.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.)  -- C:\Windows\system32\StikyNot.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.)  -- C:\Windows\System32\mobsync.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Mise en route.)  -- C:\Windows\system32\OobeFldr.dll   =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Application Windows Wordpad.)  -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Table des caractères.)  -- C:\Windows\system32\charmap.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Défragmenteur de disque Microsoft®.)  -- C:\Windows\system32\dfrgui.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Gestionnaire de nettoyage de disque pour Wi.)  -- C:\Windows\system32\cleanmgr.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Moniteur de ressources et de performances.)  -- C:\Windows\system32\perfmon.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - Informations système.)  -- C:\Windows\system32\msinfo32.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Restauration du système de Microsoft® Windo.)  -- C:\Windows\system32strui.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...)  -- C:\Windows\system32	askschd.msc
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Application post-migration de transfert de.)  -- C:\Windows\system32\migwiz\postmig.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Application Transfert de fichiers et paramè.)  -- C:\Windows\system32\migwiz\migwiz.exe   =>.Microsoft Corporation
O4 - GS\QuickLaunch [Jean-Pierre]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\Jean-Pierre\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
O4 - GS\QuickLaunch [Jean-Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch [Jean-Pierre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch [Jean-Pierre]: Upgrade to Paltalk Extreme.lnk - Clé orpheline
O4 - GS\TaskBar [Jean-Pierre]: ETEINDRE PC.lnk . (.Microsoft Corporation - Outil d'arrêt et d'annotation Windows.)  -- C:\WINDOWS\system32\shutdown.exe 
O4 - GS\TaskBar [Jean-Pierre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\TaskBar [Jean-Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\TaskBar [Jean-Pierre]: Play League of Legends.lnk . (...)  -- C:\Riot Games\League of Legends\lol.launcher.exe
O4 - GS\TaskBar [Jean-Pierre]: REBOOTER PC.lnk . (.Microsoft Corporation - Outil d'arrêt et d'annotation Windows.)  -- C:\WINDOWS\system32\shutdown.exe 
O4 - GS\TaskBar [Jean-Pierre]: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe   =>.Microsoft Corporation
O4 - GS\TaskBar [Jean-Pierre]: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe   =>.Microsoft Corporation
O4 - GS\Program [Jean-Pierre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Program [Jean-Pierre]: Spotify.lnk . (.Spotify Ltd - Spotify.)  -- C:\Users\Jean-Pierre\AppData\Roaming\Spotify\spotify.exe 
O4 - GS\Accessories [Jean-Pierre]: Command Prompt.lnk . (.Microsoft Corporation - Interpréteur de commandes Windows.)  -- C:\Windows\system32\cmd.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Jean-Pierre]: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.)  -- C:\Windows\system32
otepad.exe   =>.Microsoft Corporation
O4 - GS\Accessories [Jean-Pierre]: Run.lnk - Clé orpheline
O4 - GS\Accessories [Jean-Pierre]: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe   =>.Microsoft Corporation
O4 - GS\SystemTools [Jean-Pierre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\SystemTools [Jean-Pierre]: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe   =>.Microsoft Corporation
O4 - GS\SendTo [Jean-Pierre]: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - GS\Desktop [Jean-Pierre]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\Jean-Pierre\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [Jean-Pierre]: Microsoft Office 2007.lnk . (...)  -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 
O4 - GS\Desktop [Jean-Pierre]: Spotify.lnk . (.Spotify Ltd - Spotify.)  -- C:\Users\Jean-Pierre\AppData\Roaming\Spotify\spotify.exe 
O4 - GS\Desktop [Jean-Pierre]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.)  -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe   =>.Nicolas Coolman
O4 - GS\Desktop [Jean-Pierre]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.)  -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe   =>.Nicolas Coolman
~ Global Startup: 62 Scanned in 00mn 05s



---\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe   =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll 
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32
apinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 8 Scanned in 00mn 00s



---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2EEF405-7400-491A-9168-1C04241522BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2EEF405-7400-491A-9168-1C04241522BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C2EEF405-7400-491A-9168-1C04241522BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Browser System Enahncer (671c50b0) . (...) - c:\progra~3\browser system enahncer\browsersystemenahncerSvc.dll (.not file.)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: SW-Sustainer (d0e87c27) . (...) - C:\Program Files (x86)\sw-booster\assistantSvc.dll (.not file.)
O23 - Service: Speed Streamer (d458591c) . (...) - c:\progra~3\speed streamer\speedstreamerSvc.dll (.not file.)
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  =>.Google Inc
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe  =>Trojan.SProtector
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: PassWidget (PassWidget) . (...) - C:\Program Files (x86)\Pass-Widget-soft\PassWidget157.exe  =>PUP.PassWidget
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) . (.PC Tools - StartMan Application.) - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Software Updater (SrvUpdater) . (.Pas de propriétaire - Updater.) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe  =>PUP.Eorezo
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 14 Scanned in 00mn 03s



---\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sdnclean64.exe) - File not found
~ BEX: 2 Scanned in 00mn 00s



---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Adobe Flash Player Updater.job   [1002]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\bench-S-1-5-21-2732167015-1485579317-3881261573-1000.job   [356]  =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job   [1074]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job   [1078]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\PassWidget Update.job   [412]  =>PUP.PassWidget
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\PassWidget_wd.job   [412]  =>PUP.PassWidget
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\RMSchedule.job   [280]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\SW-Booster-S-5121721648.job   [452]
[MD5.9D96B0D5855FD1B98023B3EEC9F06786] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe   [257928]
[MD5.00000000000000000000000000000000] [APT] [bench-S-1-5-21-2732167015-1485579317-3881261573-1000] (...) -- C:\Program Files (x86)\Bench\Updater\Updater.exe (.not file.)   [0]  =>PUP.GiganticSavings
[MD5.4999625054FFA2AFFCAFD085C1218307] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe   [3611416]  =>.Piriform Ltd
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe   [136176]
[MD5.D202A33D8E8D6893D845854D40E83A90] [APT] [PassWidget Update] (...) -- C:\Program Files (x86)\Pass-Widget-soft\passw.exe   [321024]  =>PUP.PassWidget
[MD5.B96D0EF94EEA9324DFFEA8C8E3130E2F] [APT] [PassWidget_wd] (...) -- C:\Program Files (x86)\Pass-Widget-soft\PassWidget_wd.exe   [93696]  =>PUP.PassWidget
[MD5.00000000000000000000000000000000] [APT] [RMSchedule] (...) -- C:\Program Files (x86)\Registry Mechanic\RegMech.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [RMSmartUpdate] (...) -- C:\Program Files (x86)\Registry Mechanic\update.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [SW-Booster-S-5121721648] (...) -- c:\programdata\snowapp\sw-booster\SW-Booster.exe (.not file.)   [0]
[MD5.BB5F70AB5B8AF42878FFE1C5784F6D67] [APT] [{16D6144D-6E9E-440B-A4B0-582AAA3D8EEF}] (.Nicolas Coolman.) -- C:\Users\Jean-Pierre\Downloads\ZHPDiag2.exe   [6863561]
[MD5.00000000000000000000000000000000] [APT] [{499072C4-9201-4168-8B27-966FC8A4206B}] (...) -- C:\Users\Jean-Pierre\Desktop\PIRATRAX\piratrax-free-setup.exe (.not file.)   [0]
[MD5.C155A13687144076286989EF078112C2] [APT] [{65E71BB7-3900-4DC1-BF51-9FD665C3980E}] (.Nicolas Coolman.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe   [1917440]
[MD5.C155A13687144076286989EF078112C2] [APT] [{C4923667-9E30-45E4-8FA1-0EC1C8995B99}] (.Nicolas Coolman.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe   [1917440]
[MD5.BB5F70AB5B8AF42878FFE1C5784F6D67] [APT] [{CA197B53-7595-4832-8882-D7652407CB8D}] (.Nicolas Coolman.) -- C:\Users\Jean-Pierre\Downloads\ZHPDiag2.exe   [6863561]
[MD5.00000000000000000000000000000000] [APT] [{CBD13ADA-E55E-4391-8965-C788DBBC9E3F}] (...) -- C:\Users\Jean-Pierre\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.)   [0]  =>PUP.SweetPage
[MD5.0074AFB0570FC1A6AC9771D0133DF44A] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe   [3907304]
[MD5.DF474E01CFC5F28CA952B0DBD6B132A9] [APT] [Refresh immunization] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe   [3633312]
[MD5.CDEB46FE688F062D3033209B29755203] [APT] [Scan the system] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe   [3885120]
~ Scheduled Task: 30 Scanned in 00mn 06s



---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32	hemeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe  =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s



---\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys
O41 - Driver: C:\Windows\System32\drivers
etbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys
O41 - Driver: C:\Windows\System32\drivers
siproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers
siproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERSdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\driversdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\driversdprefmp.sys
O41 - Driver:  (Serial) . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32	cpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS	dx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers	ermdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32ascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 63 Scanned in 00mn 00s



---\ Logiciels installés (O42)
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441}
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {914F7627-B645-9895-F723-BAEAAC865E75}
O42 - Logiciel: ASUS Product Register Program - (.ASUS.) [HKLM][64Bits] -- {49BE9B8A-E858-4533-A74A-64306C13DB59}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {A0087DDE-69D0-11E2-AD57-43CA6188709B}
O42 - Logiciel: Adobe Flash Player 12 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader XI (11.0.06) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM][64Bits] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
O42 - Logiciel: BitTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- BitTorrent  =>P2P.BitTorrent
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner  =>.Piriform Ltd
O42 - Logiciel: Deluge 1.3.6 - (...) [HKLM][64Bits] -- Deluge
O42 - Logiciel: EPSON SX430 Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM][64Bits] -- EPSON SX430 Series
O42 - Logiciel: FindWide.com - (.FindWide.com.) [HKCU][64Bits] -- {99F01EC8-1029-4F78-A892-6CF0A5ACC496}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}  =>Toolbar.Google
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}  =>Toolbar.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HtimlConverttor - (.HHtMlConveurtor.) [HKLM][64Bits] -- {98275A18-3FCB-AD3A-81AC-E29858C2ED53}
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins  =>Trojan.SProtector
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM][64Bits] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {977D1ABF-4089-4CA7-BA33-CC75808B7ACE}
O42 - Logiciel: Java 7 Update 51 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217025FF}
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- League of Legends 3.0.1
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- {3E75652D-99B1-417E-B163-BEF33CAD3F16}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {BFAE8D5B-F918-486F-B74E-90762DF11C5C}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: PassWidget - (.PassWidget Software.) [HKLM][64Bits] -- 79f4bfb4-b06a-4e49-a046-ca1b8f831900  =>PUP.PassWidget
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Revo Uninstaller 1.92 - (.VS Revo Group.) [HKLM][64Bits] -- Revo Uninstaller
O42 - Logiciel: SafewEb - (.sAfeweBB.) [HKLM][64Bits] -- {497C131E-2032-051B-B32A-C69A960FBB13}  =>PUP.SafeWeb
O42 - Logiciel: SaveRPro - (.SaverPro.) [HKLM][64Bits] -- {94851E46-5E5B-DD67-2593-709E8D27DC4C}
O42 - Logiciel: Skype(TM) 6.14 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
O42 - Logiciel: SoftwareUpdater - (...) [HKLM][64Bits] -- SoftwareUpdater  =>PUP.Eorezo
O42 - Logiciel: SpeedUpMyComputer - (.SmartTweak Software.) [HKLM][64Bits] -- SpeedUpMyComputer  =>PUP.SpeedUpMyComputer
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify
O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab  =>PUP.SupTab
O42 - Logiciel: VLC media player 2.1.2 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player  =>.VideoLAN
O42 - Logiciel: WinRAR 4.20 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507}  =>PUP.TubeAdBlocker
O42 - Logiciel: shoepndrop - (.shopnddrOp.) [HKLM][64Bits] -- {7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}  =>PUP.ShopDrope
~ Logic: 47 Scanned in 00mn 00s



---\ HKCU & HKLM Software Keys
[HKCU\Software\APNDTX]
[HKCU\Software\ASUS]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\PassWidget]  =>PUP.PassWidget
[HKCU\Software\AppDataLow\Software\adawarebp]
[HKCU\Software\AppDataLow\Software\ilividmoviestoolbar181]  =>Adware.Bandoo
[HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}]
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\AppDataLow]
[HKCU\Software\Auslogics]
[HKCU\Software\Beyersdorf]
[HKCU\Software\BugSplat]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Digital River]
[HKCU\Software\EPSON]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lavalys]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\LowRegistry]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PCTools]
[HKCU\Software\Paltalk]
[HKCU\Software\ParetoLogic]  =>PUP.Paretologic
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplicationsEx]  =>PUP.SfKpCouponApp
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Skype]
[HKCU\Software\TNT2]
[HKCU\Software\TeleCharger]
[HKCU\Software\Trolltech]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Valve]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\ilividmoviestoolbar181]  =>Adware.Bandoo
[HKCU\Software\kde.org]
[HKCU\Software\pth264]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\EPSON]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Logishrd]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\PCTools]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\ASUS]
[HKLM\Software\Wow6432Node\ATI Technologies]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\EPSON]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\Wow6432Node\MediaPlayerV1]
[HKLM\Software\Wow6432Node\MediaPlayerV1alpha171]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OKitSpace]  =>PUP.Onekit
[HKLM\Software\Wow6432Node\PCTools]
[HKLM\Software\Wow6432Node\ParetoLogic]  =>PUP.Paretologic
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Riot Games]
[HKLM\Software\Wow6432Node\SW-Booster]
[HKLM\Software\Wow6432Node\Safer Networking Limited]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Valve]
[HKLM\Software\Wow6432Node\Video Player]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\VideoPlayerV3]
[HKLM\Software\Wow6432Node\Vittalia]  =>Adware.Vittalia
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\Wpm]  =>PUP.WpManager
[HKLM\Software\Wow6432Node\iRobinHoodInstall]  =>Toolbar.iRobinHood
[HKLM\Software\Wow6432Node\supTab]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\sweet-pageSoftware]  =>PUP.SweetPage
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZSMC]
~ Key Software: 227 Scanned in 00mn 00s



---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28.06.2013 - 17:14:11 - [121.023] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 28.06.2013 - 18:04:49 - [2.145] ----D C:\Program Files (x86)\AMD APP
O43 - CFD: 27.06.2013 - 19:09:15 - [3.224] ----D C:\Program Files (x86)\ASUS
O43 - CFD: 28.06.2013 - 14:12:42 - [8.967] ----D C:\Program Files (x86)\Auslogics
O43 - CFD: 02.04.2014 - 07:48:51 - [384.074] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 08.01.2014 - 12:16:25 - [42.597] ----D C:\Program Files (x86)\Deluge
O43 - CFD: 08.07.2013 - 21:56:57 - [493.484] ----D C:\Program Files (x86)\Google
O43 - CFD: 08.02.2014 - 10:00:44 - [9.529] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 28.06.2013 - 10:21:22 - [196.996] ----D C:\Program Files (x86)\Intel
O43 - CFD: 13.03.2014 - 04:19:53 - [9.681] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 02.04.2014 - 06:29:54 - [0] ----D C:\Program Files (x86)\iRobinHood  =>Toolbar.iRobinHood
O43 - CFD: 18.01.2014 - 08:42:50 - [121.317] ----D C:\Program Files (x86)\Java
O43 - CFD: 02.04.2014 - 06:42:11 - [0] ----D C:\Program Files (x86)\Lavasoft
O43 - CFD: 03.07.2013 - 10:15:13 - [0] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 03.07.2013 - 10:39:45 - [561.100] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 03.04.2014 - 03:00:50 - [1.485] ----D C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 13.03.2014 - 04:21:01 - [40.879] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 28.06.2013 - 14:07:58 - [0.014] ----D C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 28.06.2013 - 14:06:15 - [1.323] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01.07.2013 - 13:35:02 - [3.554] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 28.06.2013 - 14:07:47 - [7.797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 28.06.2013 - 14:08:01 - [0.025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 03.04.2014 - 12:17:51 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14.03.2014 - 03:11:47 - [1.389] ----D C:\Program Files (x86)\Pass-Widget-soft  =>PUP.PassWidget
O43 - CFD: 27.06.2013 - 19:05:30 - [6.035] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14.07.2009 - 07:32:38 - [37.357] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 14.03.2014 - 02:51:42 - [0.862] ----D C:\Program Files (x86)\SafewEb  =>PUP.SafeWeb
O43 - CFD: 14.03.2014 - 02:53:27 - [0.862] ----D C:\Program Files (x86)\SeaRRch-NewTab  =>Adware.FastSaveApp
O43 - CFD: 02.12.2013 - 23:26:37 - [0] ----D C:\Program Files (x86)\SecretSauce  =>Adware.SecretSauce
O43 - CFD: 03.03.2014 - 18:34:18 - [23.259] R---D C:\Program Files (x86)\Skype
O43 - CFD: 14.01.2014 - 15:32:14 - [2.018] ----D C:\Program Files (x86)\SmartTweak
O43 - CFD: 14.03.2014 - 03:12:15 - [0.563] ----D C:\Program Files (x86)\SoftwareUpdater  =>PUP.Eorezo
O43 - CFD: 30.03.2014 - 13:05:33 - [262.133] ----D C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 14.03.2014 - 03:12:27 - [2.359] ----D C:\Program Files (x86)\SupTab  =>PUP.SupTab
O43 - CFD: 31.03.2014 - 12:09:50 - [0] ----D C:\Program Files (x86)\SW-Booster
O43 - CFD: 27.06.2013 - 19:02:30 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 08.01.2014 - 12:12:18 - [0.795] ----D C:\Program Files (x86)\TNT2
O43 - CFD: 14.07.2009 - 06:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 10.01.2014 - 11:21:17 - [98.590] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 28.06.2013 - 14:12:16 - [6.497] ----D C:\Program Files (x86)\VS Revo Group
O43 - CFD: 11.07.2013 - 07:03:08 - [0.500] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 29.06.2013 - 20:16:11 - [5.895] ----D C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 12.12.2013 - 04:31:14 - [4.791] ----D C:\Program Fil

billmaxime · Answer

salut

désinstalle spybot, il est obsolète et gène les outils de désinfection

ensuite, fait ceci et poste le rapport

télécharge adwcleaner sur ton bureau 

le lien http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner 

utlisateurs vista-w7-w8 exécuter en tant qu'administrateur (clic droit) 

clique sur Scanner puis patiente le temps du scan 

une fois le scan terminé clique sur le bouton Nettoyer 

clique sur rapport pour qu'il s'affiche sur ton bureau 

le rapport est aussi sauvegarder dans C:\AdwCleaner[S0].txt 

poste le rapport via 1 copier/coller 

merci

@+

fantazero444 · Answer

# AdwCleaner v3.023 - Rapport créé le 03/04/2014 à 15:54:36
# Mis à jour le 01/04/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
# Nom d'utilisateur : Jean-Pierre - JEAN-PIERRE-PC
# Exécuté depuis : C:\Users\Jean-Pierre\Downloads\adwcleaner (1).exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : 671c50b0
Service Supprimé : IePluginService
Service Supprimé : SrvUpdater

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Browser System Enahncer
Dossier Supprimé : C:\ProgramData\IePluginService
Dossier Supprimé : C:\ProgramData\ParetoLogic
Dossier Supprimé : C:\ProgramData\YoutubeAdblocker
Dossier Supprimé : C:\ProgramData\SeaRRch-NewTab
/!\ Non Supprimé ( Junction ) : C:\ProgramData\SeaRRch-NewTab
/!\ Non Supprimé ( Junction ) : C:\ProgramData\YoutubeAdblocker
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Dossier Supprimé : C:\Program Files (x86)\iRobinHood
Dossier Supprimé : C:\Program Files (x86)\SoftwareUpdater
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Program Files (x86)\SeaRRch-NewTab
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\Local	orch
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\LocalLow\iRobinHood
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\Roaming\DriverCure
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\Roaming\ParetoLogic
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\Roaming\SupTab
Dossier Supprimé : C:\Users\Jean-Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Fichier Supprimé : C:\Users\Jean-Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Fichier Supprimé : C:\Windows\Tasks\PassWidget Update.job
Fichier Supprimé : C:\Windows\System32\Tasks\PassWidget Update

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\Public\Desktop\Google Chrome.lnk
Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Clé Supprimée : HKCU\Software\ParetoLogic
Clé Supprimée : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Clé Supprimée : HKCU\Software\AppDataLow\Software\PassWidget
Clé Supprimée : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Clé Supprimée : HKLM\Software\ParetoLogic
Clé Supprimée : HKLM\Software\SoftwareUpdater
Clé Supprimée : HKLM\Software\supTab
Clé Supprimée : HKLM\Software\sweet-pageSoftware
Clé Supprimée : HKLM\Software\Vittalia
Clé Supprimée : HKLM\Software\Wpm
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\supTab
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Navigateurs ] *****

-\ Internet Explorer v11.0.9600.16521


-\ Mozilla Firefox v

[ Fichier : C:\Users\Jean-Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/14&hid=3801706527682394718&lg=EN&cc=CH");
Ligne Supprimée : user_pref("browser.search.order.1", "WebSearch");
Ligne Supprimée : user_pref("browser.search.defaultenginename", "WebSearch");
Ligne Supprimée : user_pref("browser.search.selectedEngine", "WebSearch");
Ligne Supprimée : user_pref("browser.search.order.1,S", "WebSearch");
Ligne Supprimée : user_pref("browser.search.defaultenginename,S", "WebSearch");
Ligne Supprimée : user_pref("browser.search.selectedEngine,S", "WebSearch");
Ligne Supprimée : user_pref("keyword.URL", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/14&hid=3801706527682394718&lg=EN&cc=CH&l=1&q=");
Ligne Supprimée : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/14&hid=3801706527682394718&lg=EN&cc=CH&l=1&q=");

-\ Google Chrome v32.0.1700.102

[ Fichier : C:\Users\Jean-Pierre\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [39328 octets] - [23/02/2014 16:18:14]
AdwCleaner[R1].txt - [6731 octets] - [03/04/2014 15:53:06]
AdwCleaner[S0].txt - [30173 octets] - [23/02/2014 16:19:12]
AdwCleaner[S1].txt - [6018 octets] - [03/04/2014 15:54:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6078 octets] ##########

billmaxime · Answer

re

ok, relance adwcleaner et choisis "désinstaller" 

ensuite, fait ceci et poste le rapport via ce lien https://www.cjoint.com/

http://www.sosvirus.net/canned-speech-shortcut-module-t613.html

merci

@+

fantazero444 · Answer

voila si j' ai bien compris, tu peux consulter le rapport sur ce lien :
http://upload.sosvirus.net/uploadme.php
merci.

billmaxime · Answer

re

le rapport n'est pas dans ton lien, poste le rapport via ce lien https://www.cjoint.com/

le tuto de cjoint http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html

merci

@+

fantazero444 · Answer

oui, mon lien n' est pas bon, voila le lien ou le rapport est consultable:

http://cjoint.com/14av/DDdttLKWBbz_shortcut_module_03_04_2014_17_13_07.txt

merci

billmaxime · Answer

re

ok, refais moi 1 zhpdiag comme sur l'image et poste le rapport via ce lien https://www.cjoint.com/

aide en image >> clique ici

merci

@+

fantazero444 · Answer

voila le lien: 
http://cjoint.com/14av/DDduqESM3li.htm

fantazero444 · Answer

dsl je refais un scan comme indiqué

fantazero444 · Answer

voila le rapport correct:
https://www.cjoint.com/?DDdu4u5V2xA

billmaxime · Answer

re

chrome n'est pas a jour, met le a jour

https://support.google.com/chrome/answer/95414?hl=fr
===================================================

ensuite, fait ceci et poste le rapport

copie tout le texte depuis ce lien https://www.cjoint.com/?DDeoGxkH83N

lance zhpfix en tant qu'administrateur (clic droit) 

clique sur importer et le texte s'affichera dans la fenêtre qui s'ouvre 

clic sur GO en bas de page et confirme par OUI  pour 

lancer le nettoyage des données 

le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt 

poste le rapport via ce lien https://www.cjoint.com/ 

merci

@+

fantazero444 · Answer

la je coince,

je n' arrive pas a mettre les mises a jour chrome.


dans le menus chrome, je clik sur a propos de Google chrome et j' arrive sur une page avec ce message:

-"l' administrateur a desactivé les mises a jour"

fantazero444 · Answer

j' ai réinitialisé les parametres, mais sans résultats, je reagrde une solution sur ce lien:
https://forums.commentcamarche.net/forum/affich-29216929-mise-a-jour-de-google-chrome-impossible

billmaxime · Answer

re

fait la manipulation avec ZHPFIX et poste le rapport
================================================

ensuite, fait ceci et poste le rapport  

http://sosvirus.net/viewtopic.php?f=281&t=594

merci

@+

billmaxime · Answer

re

pour les mises a jour de chrome, tu regarderas ceci

Il y a une page d'aide officielle Google sur ce sujet :
https://support.google.com/chrome/a/answer/187207?hl=fr&topic=2936229&ctx=topic

Il faut passer par la base de registre, et modifier une valeur :
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\UpdateDefault sur la valeur (chaîne) REG_SZ  il faut changer 0 en 1

PLus d'infos sur regedit ici pour modifier les clés de registre :
https://www.journaldunet.com/web-tech/developpeur/1004512-comment-manipuler-la-base-de-registre-windows/

@+ 
 
le taux de radiation est plus élevé au pôle emploi qu'à Tchernobyl

fantazero444 · Answer

voila le rapport zhpdiag (complet) :

http://cjoint.com/14av/DDerug3HBAi.htm

je fais la suite

billmaxime · Answer

re

c'est ZHPFIX que je t'ai demandé d'exécuter

fait ceci et poste le rapport 

copie tout le texte depuis ce lien https://www.cjoint.com/?DDeoGxkH83N 

lance zhpfix en tant qu'administrateur (clic droit) 

clique sur importer et le texte s'affichera dans la fenêtre qui s'ouvre 

clic sur GO en bas de page et confirme par OUI pour 

lancer le nettoyage des données 

le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt 

poste le rapport via ce lien https://www.cjoint.com/ 

merci 

@+ 
 
le taux de radiation est plus élevé au pôle emploi qu'à Tchernobyl

fantazero444 · Answer

voila desolé:

https://www.cjoint.com/?DDer5tF9Ab3

i were a little.."lost in the see"^^

merci

fantazero444 · Answer

voila le rapport malwarebytes:

http://cjoint.com/14av/DDesIFXRbzU.htm

fantazero444 · Answer

j' ai pas réussi a faire autrement que de : désinstaler ->nettoyage avec cc cleaner -> et réinstaller Google chrome..

mais il est maintenant a jour.

je suis par là au besoin, autrement je referai un petit up demain (on sait jamais), sinon, lundi...et ..je te souhaite bon w- end :)

billmaxime · Answer

re

tu peux me refaire 1 zhpdiag comme sur l'image et poster le rapport via ce lien 

https://www.cjoint.com/

aide en image >> clique ici

merci

@+ 
 
le taux de radiation est plus élevé au pôle emploi qu'à Tchernobyl

fantazero444 · Answer

voila le rapport zhpdiag (loupe+):

https://www.cjoint.com/?DDeu2PT1zZh

merci

billmaxime · Answer

salut

fait ceci et poste le rapport

copie tout le texte depuis ce lien https://www.cjoint.com/?DDfquLp1JZx

lance zhpfix en tant qu'administrateur (clic droit) 

clique sur importer et le texte s'affichera dans la fenêtre qui s'ouvre 

clic sur GO en bas de page et confirme par OUI  pour 

lancer le nettoyage des données 

le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt 

poste le rapport via ce lien https://www.cjoint.com/ 

merci

@+

Liens + fenêtres indésirables, persistantes

23 réponses

Discussions similaires