How do I remove the touch keyboard icon at the bottom right??

Closed
desi_munda Posts 1289 Registration date Saturday 29 December 2007 Status Member Last activity 26 October 2022 - 19 April 2014 at 20:28
bendrop Posts 12513 Registration date Thursday 30 June 2005 Status Contributor Last activity 25 June 2024 - 1 May 2014 at 13:49
I have a desktop PC running Win 8.1 with its latest updates.
At the bottom right of the screen I see the touch keyboard icon, which reappears even after I untick it in Properties + Toolbars. When I disable it the icon disappears, but after my next computer startup it reappears.
I never use this keyboard and it almost gives me a headache every time I see its keyboard icon.
Could someone guide me in making it disappear completely?

23 replies

desi_munda
20 April 2014 at 17:02
??
0
desi_munda
20 April 2014 at 17:02
does nobody know??
0
desi_munda
21 April 2014 at 02:22
??
0
desi_munda
27 April 2014 at 01:01
???
0

bendrop
Edited by bendrop on 27/04/2014 at 01:09
Good evening,

right-click on the taskbar,
select Properties,
then choose the Toolbars tab and untick Touch Keyboard.
confirm, and you're done.

Regards.
0
desi_munda
27 April 2014 at 01:18
I already mentioned this trick in my question; at the time the keyboard disappears, but after the PC restarts the keyboard reappears.
0
Anonymous user
27 April 2014 at 01:23
Hello desi munda.

Press the Win + R keys (simultaneously)
Type "msconfig" then OK
in the "Startup" tab, untick the programs you want to disable at Windows startup.

And with that, your PC will start faster.
That's killing two birds with one stone!

Regards.
0
desi_munda
27 April 2014 at 01:27
I went into msconfig but
there isn't even a touch keyboard in the "Startup" tab
0
desi_munda
27 April 2014 at 01:31
my operating system is Windows 8.1 Professional and it's a desktop computer, not a laptop or touchscreen.
0
Edawards Posts 17125 Registration date Sunday 25 July 2010 Status Member Last activity 21 July 2020 1 929
27 April 2014 at 02:54
Good evening,
In Search at the top right in the charms bar, type touch keyboard and see what you can do.
0
Already tried, but it didn't help
0
Anonymous user
27 April 2014 at 04:47
You should try uninstalling the application; generally the drivers remain.
0
Anonymous user
27 April 2014 at 10:34
hi
try this and untick:
https://pix.toile-libre.org/upload/original/1398587587.png
restart and let me know?
0
bendrop
27 April 2014 at 12:36
We're going to take a blood sample of the system.
Download ZHPdiag by Nicolas Coolman; here you will find the download procedure and how to use it: http://nicolascoolman.webs.com/tutorials.htm
Then post the report.

Regards.
0
Anonymous user
27 April 2014 at 12:45
hi bendrop

Use a file host (pjjoint, cjoint,...)
http://pjjoint.malekal.com/
https://www.cjoint.com/

and post the link

thanks
0
desi_munda
Edited by desi_munda on 27/04/2014 at 15:44
thanks for all your replies but I found the solution another way.
I appreciated your help
0
Anonymous user
27 April 2014 at 15:48
please share your solution for the other members, and mark your post as solved :-)
thanks
0
desi_munda
28 April 2014 at 00:24
sorry to come back, the keyboard has returned, it reappears. I had disabled it in the service but that didn't work for long.
so my problem is still there.
0
desi_munda
29 April 2014 at 01:04
?
0
desi_munda
30 April 2014 at 02:34
~ Rapport de ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Lancé par Mon-iNFO (29/04/2014 20:29:27)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 32-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 9D6T9
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (16% free)
System Restore: Activé (Enable)
System drive C: has 85 GB (34%) free of 250 GB

---\\ Mode de connexion au système
~ Computer Name: PCCLIENT
~ User Name: Mon-iNFO
~ All Users Names: UpdatusUser, Mon-iNFO, HomeGroupUser$, Bilal Bushera, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\mon-pc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\mon-pc\AppData\Roaming\
~ %Desktop% : C:\Users\mon-pc\Desktop\
~ %Favorites% : C:\Users\mon-pc\Favorites\
~ %LocalAppData% : C:\Users\mon-pc\AppData\Local\
~ %StartMenu% : C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 85 Go of 250 Go)
D: Hard drive, Flash drive, Thumb drive (Free 196 Go of 336 Go)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.119E091B5386379BC5AA598BE9440C75] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 06:16:50.) -- C:\Windows\Explorer.exe [2088160]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/08/2013 - 21:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.F89C2BDB6E385ED6CA2AC0085BB6643A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 03:32:18.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/02/2014 - 04:21:25.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 03:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 00:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/08/2013 - 23:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/08/2013 - 20:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 03:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/08/2013 - 23:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.21/08/2013 - 23:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 06:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.3225D40D8CBA74A79D3B10879A14755E] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 03:21:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333824]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.21/08/2013 - 23:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.BAFDB3519A9D1A6A0665A70696BA98D5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/03/2014 - 20:09:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1679704]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/08/2013 - 23:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/08/2013 - 23:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.29/09/2013 - 22:51:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.085918BF459BCB835CFC535BE7138539] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 09:08:17.) -- C:\Windows\system32\Drivers\volsnap.sys [265048]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/23
~ Mes musiques (My Musics) : 2/191
~ Mes Videos (My Videos) : 1/154
~ Mes Favoris (My Favorites) : 1/78
~ Mes Documents (My Documents) : 2/1134
~ Mon Bureau (My Desktop) : 4/294
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [66624] [PID.5404]
[MD5.C640F23B2E64585D33ADC99C6591C924] - (.Microsoft Corporation - Clavier tactile et volet d'écriture manuscr.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [292824] [PID.5884]
[MD5.6CCFD72201C5840CB6244604A7EBCF2D] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [390144] [PID.4208]
[MD5.7F29C4ABC8153E07024148EA9E8EB710] - (.Microsoft - AudioSetterServer.) -- C:\Program Files\Thoro Software\Audio Setter Server\AudioSetterServer.exe [264192] [PID.4788]
[MD5.1412E262BE0C7C3E9499DD5766FD71C7] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office15\MsoSync.exe [448704] [PID.2452]
[MD5.723DB99F24FBDCC8DE746D5689B20E79] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe [1266520] [PID.2892] =>P2P.BitTorrent
[MD5.8AE516A7DB3C78AB8ECF3F95255EE45B] - (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe [2807296] [PID.1676]
[MD5.3EBF452B807F412EC0F19141ADA060E5] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [811696] [PID.5548]
[MD5.E936FA1DF62070DCE5F08A7E68F68094] - (.Eyeo GmbH - Adblock Plus Engine.) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe [4227336] [PID.5080]
[MD5.4AEC4F771E0F7A2B0332907592BE0FEE] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [870392] [PID.1588]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2332]
[MD5.77453B17EB0D6A4AB366200C3193CBD6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.7.) -- C:\WINDOWS\system32\nvvsvc.exe [634808] [PID.824]
[MD5.50CA14EBEBF27C81EBF342BCE5A6CE6C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865208] [PID.880]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1656]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1700]
[MD5.B78436CA173FF723A1EACE5CD4900375] - (.SEIKO EPSON CORPORATION - Epson Customer Participation.) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600] [PID.1752]
[MD5.4865B463A5E23C54BAE869962E19A1A7] - (.Splashtop Inc. - Splashtop® Streamer Service.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [790880] [PID.1904]
[MD5.B6412CCB17B27C9491A676D588E9E34E] - (.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\WINDOWS\system32\dashost.exe [64000] [PID.1948]
[MD5.504C33FE3B4E2AF11FE5875DDCA8EBEA] - (.Splashtop Inc. - Splashtop Software Updater Service.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056] [PID.1980] =>Adware.IncrediBar
[MD5.949A54971EF61E9D84B7C559B405A585] - (...) -- C:\Program Files\003\xmkysecqun32.exe [541696] [PID.360] =>PUP.AdPeak
[MD5.A472FD6FC27C458D1DC19B8973554354] - (.Splashtop Inc. - Splashtop® Streamer.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe [3918176] [PID.5372]
[MD5.DBC897D9AD5D3E0CD93C357DA1E4AA41] - (.Splashtop Inc. - Splashtop® Streamer Feature.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe [7177056] [PID.2044]
[MD5.0577914E806EF61FAD24BDC82A890C47] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259448] [PID.1056]
~ Processes Running: Scanned in 00mn 05s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@tongbu.com/tongbu,version=0.1] - (.?????? - ipa block for Chrome.) -- C:\Program Files\Tongbu\Addin\npTongbuAddin.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.sweetpacks.com/ =>PUP.SweetIM
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö - {F72C8153-7140-4FEE-8F69-CA4579D71195} . (.?????? - ??????????.) -- C:\Program Files\Tongbu\Addin\tbIEAddin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\Program Files\DAP\dapieloader.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Program Files\Amazon\AMAZON~1\AMAZON~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service KMSELDI (Service KMSELDI) . (.Pas de propriétaire - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: 9 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.0F94B4386D8D5E2FD028954684A6464E] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [571904] =>PUP.KMSpico
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-codedownloader] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-codedownloader.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-enabler] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-enabler.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-updater] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-updater.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-chromeinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-chromeinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-codedownloader] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-codedownloader.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-enabler] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-enabler.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-firefoxinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-updater] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-updater.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [{03D84E01-501E-4F5E-AAB6-F3ADC20F9B65}] (...) -- C:\Users\Mon-iNFO\Desktop\Nouveau dossier\spad-setup.exe (.not file.) [0]
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\Tasks\FTdownloader V6.0-enabler.job [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-enabler [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\Tasks\FTdownloader V6.0-updater.job [1344] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-updater [1344] =>Adware.Downware
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\Tasks\Torntv V6.0-codedownloader.job [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-codedownloader [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\Tasks\Torntv V6.0-enabler.job [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-enabler [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\Tasks\Torntv V6.0-updater.job [1526] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-updater [1526] =>Hijacker.TornTV
~ Scheduled Task: 33 Legitimates Filtered in 00mn 08s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: oem5.inf (Eve) . (...) - C:\Windows\system32\DRIVERS\eve.sys
O41 - Driver: (MpKslcb6712f0) . (...) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81B0EA90-FBCF-499F-BD42-29CBD68FEBC7}\MpKslcb6712f0.sys
~ Drivers: 36 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Setter Server - (.Thoro Software.) [HKLM] -- {576B8458-7827-4305-B774-6C3531AD8A38}
O42 - Logiciel: Bonjour Browser - (...) [HKLM] -- Bonjour Browser_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
O42 - Logiciel: KMSpico v9.0.3.20131029 (Beta) - (...) [HKLM] -- KMSpico_is1 =>PUP.KMSpico
O42 - Logiciel: PPÖúÊÖ PC°æ 1.0.5.0 - (.¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾.) [HKLM] -- PPÖúÊÖ PC°æ
O42 - Logiciel: Remote Helper - (.Remote HD.) [HKLM] -- {C14ACB14-1995-493E-8543-E560071197AB}
O42 - Logiciel: Savevid - (.Bandoo Media Inc.) [HKCU] -- Savevid =>Adware.Bandoo
O42 - Logiciel: Tongbu Assistant 2.1.3.0 - (.Xiamen Tongbu Network Ltd..) [HKLM] -- Tongbu2
~ Logic: 19 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\IM]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Remote HD]
[HKCU\Software\SpeedBit]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Teiron]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\WSVCUPlugin]
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\SpeedBit]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\deskSvc]
~ Key Software: 262 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 18:56:20 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 21/02/2014 - 22:02:30 - [] ----D C:\Program Files\ishutdown
O43 - CFD: 21/03/2014 - 15:27:44 - [] ----D C:\Program Files\Jumi
O43 - CFD: 11/04/2014 - 22:02:07 - [] ----D C:\Program Files\KMSpico =>PUP.KMSpico
O43 - CFD: 21/02/2014 - 16:17:09 - [] ----D C:\Program Files\PPÖúÊÖ
O43 - CFD: 13/02/2014 - 21:18:04 - [] ----D C:\Program Files\Remote HD
O43 - CFD: 26/04/2014 - 14:09:24 - [] ----D C:\Program Files\Savevid =>Adware.Bandoo
O43 - CFD: 21/03/2014 - 19:33:32 - [] ----D C:\Program Files\Tongbu
O43 - CFD: 30/10/2013 - 11:40:51 - [] ----D C:\Program Files\Uninstaller
O43 - CFD: 30/10/2013 - 11:40:38 - [] ----D C:\Program Files\Common Files\337 =>Hijacker.22Find
O43 - CFD: 30/10/2013 - 11:41:47 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 31/10/2013 - 08:04:34 - [] ----D C:\ProgramData\SpeedBit
O43 - CFD: 28/04/2014 - 20:38:46 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 28/12/2013 - 17:47:35 - [] ----D C:\Users\mon-pc\AppData\Roaming\Mark Bridges
O43 - CFD: 14/02/2014 - 21:36:05 - [] ----D C:\Users\mon-pc\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 16/03/2014 - 14:15:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\RemoteHelper
O43 - CFD: 03/11/2013 - 16:00:06 - [0] ----D C:\Users\mon-pc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 27/01/2014 - 09:15:43 - [] ----D C:\Users\mon-pc\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 03/03/2014 - 21:18:18 - [] ----D C:\Users\mon-pc\AppData\Local\iSpirit
O43 - CFD: 18/01/2014 - 22:33:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jumi
~ 105 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 297 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1AF704CC724454A4E41A7181B2E735C5] - 18/04/2014 - 19:03:25 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log [4224]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 29/04/2014 - 13:06:15 ---A- . (...) -- C:\Recovery.txt [0]
~ Files: 27 Legitimates Filtered in 00mn 11s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SafeModeBlockNonAdmins"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/08/2013 - 18:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:28/03/2013 - 19:50:04 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [33624]
O58 - SDL:03/06/2010 - 10:07:18 ---A- . (.Windows (R) Win 7 DDK provider - Jumi Virtual Hid Device.) -- C:\Windows\System32\Drivers\jumi.sys [13112]
O58 - SDL:22/08/2013 - 00:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:17/08/2013 - 14:47:28 ---A- . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) -- C:\Windows\System32\Drivers\vbaudio_cable_win7.sys [32128]
~ Drivers: 47 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {F38FA138-F44A-4624-8A90-5990653279E2} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DD44B8C4-7F5E-418E-8103-EF6523AB2A5F}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{E8BC2780-E9CC-4D5D-BB38-D7809C20E903}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "{A8E4B9B5-C9F1-4517-9F41-9E2C9D90D611}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9F4B6730-47B0-4539-A891-58FA3C05CDBF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D7BC572-E338-4D3B-9B36-9F3B3C5A5C1D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9B7D2B07-44C0-49C5-AC5A-1175CC8514AA}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 07s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32 =>PUP.SaltarSmart
HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS =>PUP.SaltarSmart
~ BTK: 51 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo
~ BCK: 6505 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 09/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 09/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 01/04/2014 2117960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Disabled 18/05/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Disabled 05/02/2014 796152 | (SavevidService) . (...) - C:\Program Files\Savevid\SavevidService.exe =>Adware.Bandoo
SS - | Auto 29/10/2013 571392 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/06/2011 521600 | (EpsonCustomerParticipation) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
SR - | Auto 03/01/2013 634808 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 03/01/2013 1259448 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 24/03/2014 790880 | (SplashtopRemoteService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
SR - | Auto 08/10/2013 609056 | (SSUService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
SR - | Auto 30/10/2013 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2014 541696 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 34

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savevid] =>Adware.Bandoo^
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\AskToolbarInfo] =>Toolbar.AskTBar
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\CrossriderApp0045167.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0045960.BHO] =>PUP.CrossRider
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\KMSpico =>PUP.KMSpico^
C:\Program Files\Savevid =>Adware.Bandoo^
C:\Program Files\Common Files\337 =>Hijacker.22Find^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\Users\mon-pc\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\mon-pc\AppData\Local\genienext =>PUP.NextLive^
C:\Program Files\Gophoto.it =>Spyware.GophotoIt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\Users\mon-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk =>Spyware.GophotoIt
C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe =>Adware.IncrediBar^
C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak^
C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico^
C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-enabler.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-enabler =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-updater.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-updater =>Adware.Downware^
C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-codedownloader.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-codedownloader =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-enabler.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-enabler =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-updater.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-updater =>Hijacker.TornTV^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo^
C:\Users\mon-pc\AppData\Local\Temp\nsi17BD.exe =>Toolbar.Conduit
C:\Users\mon-pc\AppData\Local\Temp\nsl4BA7.exe =>Toolbar.Conduit
C:\Users\mon-pc\AppData\Local\Temp\nsn3CBD.exe =>Toolbar.Conduit
C:\Users\mon-pc\AppData\Local\Temp\nss14EE.exe =>Toolbar.Conduit
C:\Users\mon-pc\AppData\Local\Temp\nsz4190.exe =>Toolbar.Conduit
~ Additionnel Scan: 299785 Items scanned in 00mn 56s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq =>Adware.DomaIQ
http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
http://nicolascoolman.webs.com/apps/blog/show/33293281-pup-saltarsmart =>PUP.SaltarSmart
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/27793524-spyware-gophotoit =>Spyware.GophotoIt
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ MSI: 19 link(s) detected in 00mn 00s



~ 787 Legitimates filtered by white list
End of the scan (559 lines in 02mn 48s)(0)
0
Could someone tell me what to do next?
0
bendrop Posts 12513 Registration date Thursday 30 June 2005 Status Contributor Last activity 25 June 2024 8 243
30 April 2014 at 20:52
You are infected,
* Download Adwcleaner (by Xplode) to your Desktop! https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/
* Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click it on XP
1. Choose the Scan option
2. Choose the Clean option
* Accept the warning by clicking OK
* Accept the warnings/information messages by clicking OK
* Copy and paste the contents of the report that appears when the PC restarts
into your reply.

Then run ZHPDiag again, but this time, once you have launched it, click Configure and then the magnifying glass with a +. Once the scan has finished, post it.

Regards.
0
Here is the new report after cleaning with Adwcleaner (by Xplode)

~ Rapport de ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Lancé par Mon-iNFO (30/04/2014 18:06:12)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 32-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 9D6T9
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (13% free)
System Restore: Activé (Enable)
System drive C: has 85 GB (33%) free of 250 GB

---\\ Mode de connexion au système
~ Computer Name: PCCLIENT
~ User Name: Mon-iNFO
~ All Users Names: UpdatusUser, Mon-iNFO, HomeGroupUser$, Bilal Bushera, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\mon-pc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\mon-pc\AppData\Roaming\
~ %Desktop% : C:\Users\mon-pc\Desktop\
~ %Favorites% : C:\Users\mon-pc\Favorites\
~ %LocalAppData% : C:\Users\mon-pc\AppData\Local\
~ %StartMenu% : C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 85 Go of 250 Go)
D: Hard drive, Flash drive, Thumb drive (Free 280 Go of 336 Go)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.119E091B5386379BC5AA598BE9440C75] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 06:16:50.) -- C:\Windows\Explorer.exe [2088160]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/08/2013 - 21:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.F89C2BDB6E385ED6CA2AC0085BB6643A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 03:32:18.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/02/2014 - 04:21:25.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 03:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 00:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/08/2013 - 23:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/08/2013 - 20:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 03:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/08/2013 - 23:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.21/08/2013 - 23:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 06:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.3225D40D8CBA74A79D3B10879A14755E] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 03:21:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333824]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.21/08/2013 - 23:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.BAFDB3519A9D1A6A0665A70696BA98D5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/03/2014 - 20:09:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1679704]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/08/2013 - 23:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/08/2013 - 23:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.29/09/2013 - 22:51:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.085918BF459BCB835CFC535BE7138539] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 09:08:17.) -- C:\Windows\system32\Drivers\volsnap.sys [265048]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/23
~ Mes musiques (My Musics) : 2/191
~ Mes Videos (My Videos) : 1/154
~ Mes Favoris (My Favorites) : 1/79
~ Mes Documents (My Documents) : 2/1134
~ Mon Bureau (My Desktop) : 4/299
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [66624] [PID.4016]
[MD5.C640F23B2E64585D33ADC99C6591C924] - (.Microsoft Corporation - Clavier tactile et volet d'écriture manuscr.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [292824] [PID.5308]
[MD5.6CCFD72201C5840CB6244604A7EBCF2D] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [390144] [PID.5820]
[MD5.7F29C4ABC8153E07024148EA9E8EB710] - (.Microsoft - AudioSetterServer.) -- C:\Program Files\Thoro Software\Audio Setter Server\AudioSetterServer.exe [264192] [PID.6072]
[MD5.1412E262BE0C7C3E9499DD5766FD71C7] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office15\MsoSync.exe [448704] [PID.5372]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.5588]
[MD5.77453B17EB0D6A4AB366200C3193CBD6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.7.) -- C:\WINDOWS\system32\nvvsvc.exe [634808] [PID.832]
[MD5.50CA14EBEBF27C81EBF342BCE5A6CE6C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865208] [PID.884]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1724]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1824]
[MD5.B6412CCB17B27C9491A676D588E9E34E] - (.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\WINDOWS\system32\dashost.exe [64000] [PID.1872]
[MD5.B78436CA173FF723A1EACE5CD4900375] - (.SEIKO EPSON CORPORATION - Epson Customer Participation.) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600] [PID.1892]
[MD5.4865B463A5E23C54BAE869962E19A1A7] - (.Splashtop Inc. - Splashtop® Streamer Service.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [790880] [PID.356]
[MD5.504C33FE3B4E2AF11FE5875DDCA8EBEA] - (.Splashtop Inc. - Splashtop Software Updater Service.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056] [PID.624] =>Adware.IncrediBar
[MD5.A472FD6FC27C458D1DC19B8973554354] - (.Splashtop Inc. - Splashtop® Streamer.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe [3918176] [PID.3896]
[MD5.DBC897D9AD5D3E0CD93C357DA1E4AA41] - (.Splashtop Inc. - Splashtop® Streamer Feature.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe [7177056] [PID.4992]
[MD5.F7D5DF520DD7A97C0EC2C186008CB63E] - (.Microsoft Corporation - KMS Connection Broker.) -- C:\WINDOWS\system32\SppExtComObj.exe [518656] [PID.5680]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@tongbu.com/tongbu,version=0.1] - (.?????? - ipa block for Chrome.) -- C:\Program Files\Tongbu\Addin\npTongbuAddin.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö - {F72C8153-7140-4FEE-8F69-CA4579D71195} . (.?????? - ??????????.) -- C:\Program Files\Tongbu\Addin\tbIEAddin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\Program Files\DAP\dapieloader.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Program Files\Amazon\AMAZON~1\AMAZON~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service KMSELDI (Service KMSELDI) . (.Pas de propriétaire - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe (.not file.) =>PUP.AdPeak
~ Services: 8 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.0F94B4386D8D5E2FD028954684A6464E] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [571904] =>PUP.KMSpico
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-codedownloader] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-codedownloader.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-enabler] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-enabler.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-updater] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-updater.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-chromeinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-chromeinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-codedownloader] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-codedownloader.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-enabler] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-enabler.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-firefoxinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-updater] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-updater.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [{03D84E01-501E-4F5E-AAB6-F3ADC20F9B65}] (...) -- C:\Users\Mon-iNFO\Desktop\Nouveau dossier\spad-setup.exe (.not file.) [0]
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\Tasks\FTdownloader V6.0-enabler.job [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-enabler [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\Tasks\FTdownloader V6.0-updater.job [1344] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-updater [1344] =>Adware.Downware
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\Tasks\Torntv V6.0-codedownloader.job [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-codedownloader [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\Tasks\Torntv V6.0-enabler.job [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-enabler [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\Tasks\Torntv V6.0-updater.job [1526] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-updater [1526] =>Hijacker.TornTV
~ Scheduled Task: 32 Legitimates Filtered in 00mn 09s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: oem5.inf (Eve) . (...) - C:\Windows\system32\DRIVERS\eve.sys
O41 - Driver: (MpKslcb6712f0) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81B0EA90-FBCF-499F-BD42-29CBD68FEBC7}\MpKslcb6712f0.sys (.not file.)
~ Drivers: 36 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Setter Server - (.Thoro Software.) [HKLM] -- {576B8458-7827-4305-B774-6C3531AD8A38}
O42 - Logiciel: Bonjour Browser - (...) [HKLM] -- Bonjour Browser_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
O42 - Logiciel: KMSpico v9.0.3.20131029 (Beta) - (...) [HKLM] -- KMSpico_is1 =>PUP.KMSpico
O42 - Logiciel: PPÖúÊÖ PC°æ 1.0.5.0 - (.¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾.) [HKLM] -- PPÖúÊÖ PC°æ
O42 - Logiciel: Remote Helper - (.Remote HD.) [HKLM] -- {C14ACB14-1995-493E-8543-E560071197AB}
O42 - Logiciel: Savevid - (.Bandoo Media Inc.) [HKCU] -- Savevid =>Adware.Bandoo
O42 - Logiciel: Tongbu Assistant 2.1.3.0 - (.Xiamen Tongbu Network Ltd..) [HKLM] -- Tongbu2
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Remote HD]
[HKCU\Software\SpeedBit]
[HKCU\Software\Teiron]
[HKCU\Software\WSVCUPlugin]
[HKLM\Software\SpeedBit]
~ Key Software: 244 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/02/2014 - 22:02:30 - [] ----D C:\Program Files\ishutdown
O43 - CFD: 21/03/2014 - 15:27:44 - [] ----D C:\Program Files\Jumi
O43 - CFD: 11/04/2014 - 22:02:07 - [] ----D C:\Program Files\KMSpico =>PUP.KMSpico
O43 - CFD: 21/02/2014 - 16:17:09 - [] ----D C:\Program Files\PPÖúÊÖ
O43 - CFD: 13/02/2014 - 21:18:04 - [] ----D C:\Program Files\Remote HD
O43 - CFD: 26/04/2014 - 14:09:24 - [] ----D C:\Program Files\Savevid =>Adware.Bandoo
O43 - CFD: 21/03/2014 - 19:33:32 - [] ----D C:\Program Files\Tongbu
O43 - CFD: 30/10/2013 - 11:41:47 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 31/10/2013 - 08:04:34 - [] ----D C:\ProgramData\SpeedBit
O43 - CFD: 28/04/2014 - 20:38:46 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 28/12/2013 - 17:47:35 - [] ----D C:\Users\mon-pc\AppData\Roaming\Mark Bridges
O43 - CFD: 16/03/2014 - 14:15:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\RemoteHelper
O43 - CFD: 03/11/2013 - 16:00:06 - [0] ----D C:\Users\mon-pc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 03/03/2014 - 21:18:18 - [] ----D C:\Users\mon-pc\AppData\Local\iSpirit
O43 - CFD: 18/01/2014 - 22:33:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jumi
~ 105 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 289 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 29/04/2014 - 13:06:15 ---A- . (...) -- C:\Recovery.txt [0]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 16:51:08 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
~ Files: 30 Legitimates Filtered in 00mn 10s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SafeModeBlockNonAdmins"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/08/2013 - 18:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:28/03/2013 - 19:50:04 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [33624]
O58 - SDL:03/06/2010 - 10:07:18 ---A- . (.Windows (R) Win 7 DDK provider - Jumi Virtual Hid Device.) -- C:\Windows\System32\Drivers\jumi.sys [13112]
O58 - SDL:22/08/2013 - 00:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:17/08/2013 - 14:47:28 ---A- . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) -- C:\Windows\System32\Drivers\vbaudio_cable_win7.sys [32128]
~ Drivers: 48 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 01s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {F38FA138-F44A-4624-8A90-5990653279E2} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DD44B8C4-7F5E-418E-8103-EF6523AB2A5F}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{E8BC2780-E9CC-4D5D-BB38-D7809C20E903}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "{A8E4B9B5-C9F1-4517-9F41-9E2C9D90D611}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9F4B6730-47B0-4539-A891-58FA3C05CDBF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D7BC572-E338-4D3B-9B36-9F3B3C5A5C1D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9B7D2B07-44C0-49C5-AC5A-1175CC8514AA}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 06s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo
~ BCK: 6501 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 09/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 09/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 01/04/2014 2117960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Disabled 18/05/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Disabled 05/02/2014 796152 | (SavevidService) . (...) - C:\Program Files\Savevid\SavevidService.exe =>Adware.Bandoo
SS - | Auto 29/10/2013 571392 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SS - | Auto 10/07/1658 0 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/06/2011 521600 | (EpsonCustomerParticipation) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
SR - | Auto 03/01/2013 634808 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 03/01/2013 1259448 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 24/03/2014 790880 | (SplashtopRemoteService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
SR - | Auto 08/10/2013 609056 | (SSUService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
SR - | Auto 30/10/2013 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 19

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savevid] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
C:\Program Files\KMSpico =>PUP.KMSpico^
C:\Program Files\Savevid =>Adware.Bandoo^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe =>Adware.IncrediBar^
C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico^
C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-enabler.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-enabler =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-updater.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-updater =>Adware.Downware^
C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-codedownloader.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-codedownloader =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-enabler.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-enabler =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-updater.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-updater =>Hijacker.TornTV^
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo^
~ Additionnel Scan: 291689 Items scanned in 00mn 38s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 8 link(s) detected in 00mn 00s



~ 761 Legitimates filtered by white list
End of the scan (489 lines in 02mn 09s)(0)
0
# AdwCleaner v3.205 - Rapport créé le 30/04/2014 à 17:58:54
# Mis à jour le 28/04/2014 par Xplode
# Système d'exploitation : Windows 8.1 Pro (32 bits)
# Nom d'utilisateur : Mon-iNFO - PCCLIENT
# Exécuté depuis : C:\Users\mon-pc\Desktop\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files\003
Dossier Supprimé : C:\Program Files\Gophoto.it
Dossier Supprimé : C:\Program Files\Uninstaller
Dossier Supprimé : C:\Program Files\Common Files\337
Dossier Supprimé : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Dossier Supprimé : C:\WINDOWS\system32\AI_RecycleBin
Dossier Supprimé : C:\WINDOWS\system32\SearchProtect
Dossier Supprimé : C:\Users\mon-pc\AppData\Local\cool_mirage
Dossier Supprimé : C:\Users\mon-pc\AppData\Local\eSupport.com
Dossier Supprimé : C:\Users\mon-pc\AppData\Local\genienext
Dossier Supprimé : C:\Users\mon-pc\AppData\Roaming\newnext.me
Dossier Supprimé : C:\Users\mon-pc\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\mon-pc\Documents\Mobogenie
Dossier Supprimé : C:\Users\mon-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[!] Dossier Supprimé : C:\Users\mon-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Fichier Supprimé : C:\WINDOWS\system32\roboot.exe
Fichier Supprimé : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E72A374-8C49-45C9-A43C-7E1174C271A0}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E72A374-8C49-45C9-A43C-7E1174C271A0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\driverscanner
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0045167.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0045960.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\distromatic
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\installedbrowserextensions
Clé Supprimée : HKCU\Software\SearchProtectINT
Clé Supprimée : HKCU\Software\systweak
Clé Supprimée : HKCU\Software\wnlt
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\AskToolbarInfo
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Re_Markable
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Supra Savings
Clé Supprimée : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\Software\Desksvc
Clé Supprimée : HKLM\Software\DomaIQ
Clé Supprimée : HKLM\Software\hdcode
Clé Supprimée : HKLM\Software\LevelQualityWatcher
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\Software\Uniblue

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17037

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.131

[ Fichier : C:\Users\mon-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée [Search Provider] : hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&barid=320284928303998547638506210632641604737&crg=3.5000006.10059&ppd=&did=10703&st=23
Supprimée [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Supprimée [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M93D07A04-8D72-47F6-B87D-B1A151B10C40&SearchSource=58&CUI=&UM=5&UP=SP58D64CF4-3A33-49DE-A11D-2F0CE4C0A764&q={searchTerms}&SSPV=
Supprimée [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M93D07A04-8D72-47F6-B87D-B1A151B10C40&SearchSource=55&CUI=&UM=5&UP=SP58D64CF4-3A33-49DE-A11D-2F0CE4C0A764&SSPV=
Supprimée [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M93D07A04-8D72-47F6-B87D-B1A151B10C40&SearchSource=55&CUI=&UM=5&UP=SP58D64CF4-3A33-49DE-A11D-2F0CE4C0A764&SSPV=
Supprimée [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Supprimée [Extension] : flpcjncodpafbgdpnkljologafpionhb
Supprimée [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk


*************************

AdwCleaner[R0].txt - [52733 octets] - [30/04/2014 17:50:06]
AdwCleaner[S0].txt - [12641 octets] - [30/04/2014 17:58:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12702 octets] ##########
0
~ Rapport de ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Lancé par Mon-iNFO (30/04/2014 18:11:17)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 32-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 9D6T9
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (14% free)
System Restore: Activé (Enable)
System drive C: has 85 GB (33%) free of 250 GB

---\\ Mode de connexion au système
~ Computer Name: PCCLIENT
~ User Name: Mon-iNFO
~ All Users Names: UpdatusUser, Mon-iNFO, HomeGroupUser$, Bilal Bushera, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\mon-pc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\mon-pc\AppData\Roaming\
~ %Desktop% : C:\Users\mon-pc\Desktop\
~ %Favorites% : C:\Users\mon-pc\Favorites\
~ %LocalAppData% : C:\Users\mon-pc\AppData\Local\
~ %StartMenu% : C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 85 Go of 250 Go)
D: Hard drive, Flash drive, Thumb drive (Free 280 Go of 336 Go)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.119E091B5386379BC5AA598BE9440C75] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 06:16:50.) -- C:\Windows\Explorer.exe [2088160]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/08/2013 - 21:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.F89C2BDB6E385ED6CA2AC0085BB6643A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 03:32:18.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/02/2014 - 04:21:25.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 03:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\AFD.sys [455168]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 00:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/08/2013 - 23:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/08/2013 - 20:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 03:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/08/2013 - 23:10:12.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.21/08/2013 - 23:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 06:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.3225D40D8CBA74A79D3B10879A14755E] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 03:21:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333824]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.21/08/2013 - 23:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.BAFDB3519A9D1A6A0665A70696BA98D5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/03/2014 - 20:09:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1679704]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/08/2013 - 23:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/08/2013 - 23:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.29/09/2013 - 22:51:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 01:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.085918BF459BCB835CFC535BE7138539] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 09:08:17.) -- C:\Windows\system32\Drivers\volsnap.sys [265048]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/23
~ Mes musiques (My Musics) : 2/191
~ Mes Videos (My Videos) : 1/308
~ Mes Favoris (My Favorites) : 1/158
~ Mes Documents (My Documents) : 2/2268
~ Mon Bureau (My Desktop) : 4/598
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 12s



---\\ Processus lancés
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [66624] [PID.4016]
[MD5.C640F23B2E64585D33ADC99C6591C924] - (.Microsoft Corporation - Clavier tactile et volet d'écriture manuscr.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [292824] [PID.5308]
[MD5.6CCFD72201C5840CB6244604A7EBCF2D] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [390144] [PID.5820]
[MD5.7F29C4ABC8153E07024148EA9E8EB710] - (.Microsoft - AudioSetterServer.) -- C:\Program Files\Thoro Software\Audio Setter Server\AudioSetterServer.exe [264192] [PID.6072]
[MD5.1412E262BE0C7C3E9499DD5766FD71C7] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office15\MsoSync.exe [448704] [PID.5372]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.5588]
[MD5.3EBF452B807F412EC0F19141ADA060E5] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [811696] [PID.316]
[MD5.E936FA1DF62070DCE5F08A7E68F68094] - (.Eyeo GmbH - Adblock Plus Engine.) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe [4227336] [PID.2856]
[MD5.4AEC4F771E0F7A2B0332907592BE0FEE] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [870392] [PID.348]
[MD5.8998A4837A47F16F27000C0A61EFC90D] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29920] [PID.4256]
[MD5.77453B17EB0D6A4AB366200C3193CBD6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.7.) -- C:\WINDOWS\system32\nvvsvc.exe [634808] [PID.832]
[MD5.50CA14EBEBF27C81EBF342BCE5A6CE6C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865208] [PID.884]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1724]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1824]
[MD5.B6412CCB17B27C9491A676D588E9E34E] - (.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\WINDOWS\system32\dashost.exe [64000] [PID.1872]
[MD5.B78436CA173FF723A1EACE5CD4900375] - (.SEIKO EPSON CORPORATION - Epson Customer Participation.) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600] [PID.1892]
[MD5.4865B463A5E23C54BAE869962E19A1A7] - (.Splashtop Inc. - Splashtop® Streamer Service.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [790880] [PID.356]
[MD5.504C33FE3B4E2AF11FE5875DDCA8EBEA] - (.Splashtop Inc. - Splashtop Software Updater Service.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056] [PID.624] =>Adware.IncrediBar
[MD5.A472FD6FC27C458D1DC19B8973554354] - (.Splashtop Inc. - Splashtop® Streamer.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe [3918176] [PID.3896]
[MD5.DBC897D9AD5D3E0CD93C357DA1E4AA41] - (.Splashtop Inc. - Splashtop® Streamer Feature.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe [7177056] [PID.4992]
[MD5.0577914E806EF61FAD24BDC82A890C47] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259448] [PID.5324]
[MD5.37EA57301CE18BEAB54417989450D9E1] - (.Microsoft Corporation - Programme d'installation pour les modules W.) -- C:\WINDOWS\servicing\TrustedInstaller.exe [89088] [PID.1088]
[MD5.A2AE976FF78F7E7C3B25D3FB8EF9B2AC] - (.Microsoft Corporation - Windows Modules Installer Worker.) -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_9e321813e2be5a14\TiWorker.exe [189440] [PID.732]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@tongbu.com/tongbu,version=0.1] - (.?????? - ipa block for Chrome.) -- C:\Program Files\Tongbu\Addin\npTongbuAddin.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ͬ²½Ò»¼ü°²×°Ö§³Ö - {F72C8153-7140-4FEE-8F69-CA4579D71195} . (.?????? - ??????????.) -- C:\Program Files\Tongbu\Addin\tbIEAddin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\Program Files\DAP\dapieloader.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [ishutdown2] . (.Pas de propriétaire - ilauncher.) -- C:\Program Files\ishutdown\iShutdown\ilauncher.exe
O4 - HKUS\S-1-5-21-4152902473-1497224444-1697345771-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AC6AF5-130C-46A3-89FD-829719C083B1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - ,C:\Program Files\Amazon\AMAZON~1\AMAZON~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service KMSELDI (Service KMSELDI) . (.Pas de propriétaire - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe (.not file.) =>PUP.AdPeak
~ Services: 8 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.0F94B4386D8D5E2FD028954684A6464E] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [571904] =>PUP.KMSpico
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-codedownloader] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-codedownloader.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-enabler] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-enabler.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [FTdownloader V6.0-updater] (...) -- C:\Program Files\FTdownloader V6.0\FTdownloader V6.0-updater.exe (.not file.) [0] =>Adware.Downware
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-chromeinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-chromeinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-codedownloader] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-codedownloader.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-enabler] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-enabler.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-firefoxinstaller] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [Torntv V6.0-updater] (...) -- C:\Program Files\Torntv V6.0\Torntv V6.0-updater.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.00000000000000000000000000000000] [APT] [{03D84E01-501E-4F5E-AAB6-F3ADC20F9B65}] (...) -- C:\Users\Mon-iNFO\Desktop\Nouveau dossier\spad-setup.exe (.not file.) [0]
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader [1236] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\Tasks\FTdownloader V6.0-enabler.job [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-enabler - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-enabler [1146] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\Tasks\FTdownloader V6.0-updater.job [1344] =>Adware.Downware
O39 - APT: FTdownloader V6.0-updater - (...) -- C:\Windows\System32\Tasks\FTdownloader V6.0-updater [1344] =>Adware.Downware
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-chromeinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller [2170] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\Tasks\Torntv V6.0-codedownloader.job [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-codedownloader - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-codedownloader [1466] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\Tasks\Torntv V6.0-enabler.job [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-enabler - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-enabler [1354] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller [2426] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\Tasks\Torntv V6.0-updater.job [1526] =>Hijacker.TornTV
O39 - APT: Torntv V6.0-updater - (...) -- C:\Windows\System32\Tasks\Torntv V6.0-updater [1526] =>Hijacker.TornTV
~ Scheduled Task: 64 Legitimates Filtered in 00mn 08s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: oem5.inf (Eve) . (...) - C:\Windows\system32\DRIVERS\eve.sys
O41 - Driver: (MpKslcb6712f0) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81B0EA90-FBCF-499F-BD42-29CBD68FEBC7}\MpKslcb6712f0.sys (.not file.)
~ Drivers: 36 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Setter Server - (.Thoro Software.) [HKLM] -- {576B8458-7827-4305-B774-6C3531AD8A38}
O42 - Logiciel: Bonjour Browser - (...) [HKLM] -- Bonjour Browser_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
O42 - Logiciel: KMSpico v9.0.3.20131029 (Beta) - (...) [HKLM] -- KMSpico_is1 =>PUP.KMSpico
O42 - Logiciel: PPÖúÊÖ PC°æ 1.0.5.0 - (.¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾.) [HKLM] -- PPÖúÊÖ PC°æ
O42 - Logiciel: Remote Helper - (.Remote HD.) [HKLM] -- {C14ACB14-1995-493E-8543-E560071197AB}
O42 - Logiciel: Savevid - (.Bandoo Media Inc.) [HKCU] -- Savevid =>Adware.Bandoo
O42 - Logiciel: Tongbu Assistant 2.1.3.0 - (.Xiamen Tongbu Network Ltd..) [HKLM] -- Tongbu2
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Remote HD]
[HKCU\Software\SpeedBit]
[HKCU\Software\Teiron]
[HKCU\Software\WSVCUPlugin]
[HKLM\Software\SpeedBit]
~ Key Software: 244 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/02/2014 - 22:02:30 - [] ----D C:\Program Files\ishutdown
O43 - CFD: 21/03/2014 - 15:27:44 - [] ----D C:\Program Files\Jumi
O43 - CFD: 11/04/2014 - 22:02:07 - [] ----D C:\Program Files\KMSpico =>PUP.KMSpico
O43 - CFD: 21/02/2014 - 16:17:09 - [] ----D C:\Program Files\PPÖúÊÖ
O43 - CFD: 13/02/2014 - 21:18:04 - [] ----D C:\Program Files\Remote HD
O43 - CFD: 26/04/2014 - 14:09:24 - [] ----D C:\Program Files\Savevid =>Adware.Bandoo
O43 - CFD: 21/03/2014 - 19:33:32 - [] ----D C:\Program Files\Tongbu
O43 - CFD: 30/10/2013 - 11:41:47 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 31/10/2013 - 08:04:34 - [] ----D C:\ProgramData\SpeedBit
O43 - CFD: 28/04/2014 - 20:38:46 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 28/12/2013 - 17:47:35 - [] ----D C:\Users\mon-pc\AppData\Roaming\Mark Bridges
O43 - CFD: 16/03/2014 - 14:15:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\RemoteHelper
O43 - CFD: 03/11/2013 - 16:00:06 - [0] ----D C:\Users\mon-pc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 03/03/2014 - 21:18:18 - [] ----D C:\Users\mon-pc\AppData\Local\iSpirit
O43 - CFD: 18/01/2014 - 22:33:14 - [] ----D C:\Users\mon-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jumi
~ 105 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 289 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 29/04/2014 - 13:06:15 ---A- . (...) -- C:\Recovery.txt [0]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 16:51:08 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
~ Files: 30 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.9D5C0EF27FB9886AA8BD646E9AF88832] - 28/04/2014 - 06:35:02 ---A- - C:\Windows\Prefetch\SAVEVIDPLUGINCORE.EXE-650896FA.pf =>Adware.Bandoo
O45 - LFCP:[MD5.03206D6422FFFBC4828B98149609848A] - 29/04/2014 - 17:54:56 ---A- - C:\Windows\Prefetch\SAVEVIDPLUGINCORE.EXE-9D97A53F.pf =>Adware.Bandoo
O45 - LFCP:[MD5.6CC1A2DD2410393E0584A9C663DB1485] - 26/04/2014 - 13:08:56 ---A- - C:\Windows\Prefetch\SAVEVIDSETUP-R0-N-BU.EXE-3AA560C1.pf =>Adware.Bandoo
O45 - LFCP:[MD5.3A4AF4865AB4628D18FFBFF75B63B213] - 29/04/2014 - 16:40:13 ---A- - C:\Windows\Prefetch\SAVEVIDWSSERVER.EXE-1C543837.pf =>Adware.Bandoo
O45 - LFCP:[MD5.A6BD71405B1FD9A4966C1615304C6378] - 29/04/2014 - 17:54:56 ---A- - C:\Windows\Prefetch\SAVEVIDWSSERVER.EXE-DC4EE2CC.pf =>Adware.Bandoo
~ Prefetcher: 5 Legitimates Filtered in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SafeModeBlockNonAdmins"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/08/2013 - 18:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:28/03/2013 - 19:50:04 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [33624]
O58 - SDL:03/06/2010 - 10:07:18 ---A- . (.Windows (R) Win 7 DDK provider - Jumi Virtual Hid Device.) -- C:\Windows\System32\Drivers\jumi.sys [13112]
O58 - SDL:22/08/2013 - 00:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:17/08/2013 - 14:47:28 ---A- . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) -- C:\Windows\System32\Drivers\vbaudio_cable_win7.sys [32128]
~ Drivers: 48 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 23/04/2014 - 18:12:26 ---A- . (...) -- C:\Users\mon-pc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll [120648]
O61 - LFC: 24/04/2014 - 18:13:20 ---A- . (.Bandoo Media Inc.) -- C:\Users\mon-pc\Desktop\Downloads\SavevidSetup-r0-n-bu.exe [1970680] =>Adware.Bandoo
O61 - LFC: 26/04/2014 - 18:12:33 ---A- . (...) -- C:\Users\mon-pc\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10237.bin [217776]
O61 - LFC: 26/04/2014 - 18:13:05 ---A- . (.Bandoo Media Inc.) -- C:\Users\mon-pc\Desktop\Downloads\jZipSetup-r113-n-bi.exe [1449696] =>Adware.Bandoo
O61 - LFC: 29/04/2014 - 18:12:53 ---A- . (...) -- C:\Users\mon-pc\Desktop\Downloads\cpu-z_1.69-setup-en.exe [1496480]
O61 - LFC: 29/04/2014 - 18:12:53 ---A- . (.Copyright © 2010 eSupport.com. All Rights R.) -- C:\Users\mon-pc\Desktop\Downloads\biosagentplus_1218.exe [633360]
O61 - LFC: 29/04/2014 - 18:13:08 ---A- . (...) -- C:\Users\mon-pc\Desktop\Downloads\launcher32.dll [19456]
O61 - LFC: 30/04/2014 - 18:12:32 ---A- . (.SQLite Development Team.) -- C:\Users\mon-pc\AppData\Local\Microsoft\Windows\INetCache\IE\037XRR4D\SQLite3_300700200[1].dll [536576]
O61 - LFC: 30/04/2014 - 18:12:52 ---A- . (...) -- C:\Users\mon-pc\Desktop\Downloads\adwcleaner.exe [1310621]
~ 25 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 14 Legitimates Filtered in 01mn 15s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {F38FA138-F44A-4624-8A90-5990653279E2} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DD44B8C4-7F5E-418E-8103-EF6523AB2A5F}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{E8BC2780-E9CC-4D5D-BB38-D7809C20E903}C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\mon-pc\appdata\roaming\utorrent\updates\3.3.2_30303.exe =>P2P.BitTorrent
O87 - FAEL: "{A8E4B9B5-C9F1-4517-9F41-9E2C9D90D611}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9F4B6730-47B0-4539-A891-58FA3C05CDBF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D7BC572-E338-4D3B-9B36-9F3B3C5A5C1D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9B7D2B07-44C0-49C5-AC5A-1175CC8514AA}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\mon-pc\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 01s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo
~ BCK: 6501 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 09/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 09/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 01/04/2014 2117960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Disabled 18/05/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Disabled 05/02/2014 796152 | (SavevidService) . (...) - C:\Program Files\Savevid\SavevidService.exe =>Adware.Bandoo
SS - | Auto 29/10/2013 571392 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUP.KMSpico
SS - | Auto 10/07/1658 0 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/06/2011 521600 | (EpsonCustomerParticipation) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
SR - | Auto 03/01/2013 634808 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 03/01/2013 1259448 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 24/03/2014 790880 | (SplashtopRemoteService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
SR - | Auto 08/10/2013 609056 | (SSUService) . (.Splashtop Inc..) - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
SR - | Auto 30/10/2013 22224 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mon-iNFO at 30/04/2014 18:15:04
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 19

[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUP.KMSpico^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savevid] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
C:\Program Files\KMSpico =>PUP.KMSpico^
C:\Program Files\Savevid =>Adware.Bandoo^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe =>Adware.IncrediBar^
C:\Program Files\KMSpico\AutoPico.exe =>PUP.KMSpico^
C:\Windows\Tasks\FTdownloader V6.0-codedownloader.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-codedownloader =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-enabler.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-enabler =>Adware.Downware^
C:\Windows\Tasks\FTdownloader V6.0-updater.job =>Adware.Downware^
C:\Windows\System32\Tasks\FTdownloader V6.0-updater =>Adware.Downware^
C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-chromeinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-codedownloader.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-codedownloader =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-enabler.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-enabler =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller =>Hijacker.TornTV^
C:\Windows\Tasks\Torntv V6.0-updater.job =>Hijacker.TornTV^
C:\Windows\System32\Tasks\Torntv V6.0-updater =>Hijacker.TornTV^
[HKCR\CLSID\{25EB66FC-03A7-40AA-A073-EAAF723CDD90}] (SavevidComponent Class) =>Adware.Bandoo^
~ Additionnel Scan: 291774 Items scanned in 00mn 56s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 8 link(s) detected in 00mn 00s



~ 826 Legitimates filtered by white list
End of the scan (536 lines in 04mn 45s)(0)