Webs searches

Closed
seve1972 Posts 6 Registration date Thursday 15 November 2007 Status Member Last activity 21 April 2014 - 21 April 2014 at 17:18
ArnaudLy6 Posts 4412 Registration date Saturday 22 May 2010 Status Member Last activity 13 February 2016 - 21 April 2014 at 17:51
Hello,
I would like to remove websearches from my PC!!!
Thank you for your help





2 replies

ArnaudLy6 Posts 4412 Registration date Saturday 22 May 2010 Status Member Last activity 13 February 2016 189
21 April 2014 at 17:23
Hi,

Download AdwCleaner: https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/#q=adwcleaner&cur=1&url=%2F
Then follow these steps:

- Launch the program
- Click "Scanner" (Scan)
- Once the scan has finished, click "Nettoyer" (Clean)
- The program will restart your computer
- Once you have logged in, you should get a cleaning report
- Paste that report into your next message
seve1972 Posts 6 Registration date Thursday 15 November 2007 Status Member Last activity 21 April 2014
21 April 2014 at 17:27
~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (19/04/2014)
~ Lancé par severine (21/04/2014 16:34:59)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : P92J4
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 ActiveX

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 62 GB (61%) free of 102 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-SEVERINE
~ User Name: severine
~ All Users Names: severine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\severine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\severine\AppData\Roaming\
~ %Desktop% : C:\Users\severine\Desktop\
~ %Favorites% : C:\Users\severine\Favorites\
~ %LocalAppData% : C:\Users\severine\AppData\Local\
~ %StartMenu% : C:\Users\severine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 62 Go of 102 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9
~ Mes musiques (My Musics) : 1/60
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 1/191
~ Menu demarrer (Programs) : 1/3
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.143ECB242AF6ECE366AB477828E29D44] - (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe [561320] [PID.1432]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3564]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3724]
[MD5.B3E0C20A53D6A55590468B33AA9BC525] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712] [PID.3732]
[MD5.D4975555E91636FCF4809E51731F80D8] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.3748]
[MD5.CD12A46AE81306C2F14B19A58E1058B0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.3756]
[MD5.6882D187F65ECA79110848A68FDEB2BF] - (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040] [PID.3796]
[MD5.2B76545CD2572B92E89AC62C076F4699] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6111232] [PID.3856]
[MD5.EED2120454E74AA5C257947986B4D068] - (.Synaptics, Inc. - Synaptics Pointing Device starter.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400] [PID.3952]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3968]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3992]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.4028]
[MD5.182E32D1CB932FAF9E9076A55D0706AE] - (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe [883800] [PID.928]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.1788]
[MD5.8BEB7107A0CE4BB1C4F7294C377DF3E9] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.852]
[MD5.6760120308750C0819C2F21F7F0385E7] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1021224] [PID.2580]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.1232]
[MD5.FA4D25CE388865F4CC71C73C4D2CE7B7] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe [844464] [PID.4308]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4612] =>Toolbar.Google
[MD5.7116680C2C62709EE81BDDC69EF26B93] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757488] [PID.6780]
[MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.8152] =>Toolbar.Google
[MD5.1A5B4B58DBB626776920260704FD0116] - (.Adobe Systems Incorporated - Adobe Reader 8.0.) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe [345712] [PID.7100]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.7036]
[MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8219648] [PID.9072]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1280]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1800]
[MD5.E91C669DB45EC0F1D18185A9B7006E44] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe [705136] [PID.1904] =>Trojan.SProtector
[MD5.92281751677E78270C8AE46C951AD7F5] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe [566272] [PID.1936] =>PUP.WpManager
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2200]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2220]
[MD5.09E6AFFAE6C0E9158BF05C7D08D0107A] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384] [PID.2372]
[MD5.6B1F9C8C3757622824705A32BF721E8A] - (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576] [PID.2540]
[MD5.204A73A56751C68C6031E9D5D611EC98] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [354840] [PID.2668]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2744]
[MD5.CB76F68BA0D57C5D25B538981B1C611C] - (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [50424] [PID.2808]
[MD5.DF1C10A75DF7E50195FC417F88A33227] - (...) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072] [PID.2880]
[MD5.30C3DEFEE78AEFB92ECE5536F017F8E8] - (.Iminent - Iminent Protection.) -- C:\Program Files\Common Files\Umbrella\Umbrella282.exe [3052352] [PID.2980] =>Adware.IMBooster
[MD5.949A54971EF61E9D84B7C559B405A585] - (...) -- C:\Program Files\003\xmkysecqun32.exe [541696] [PID.3176] =>PUP.AdPeak
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.300]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.19 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [iagcajndpnfncplednpbnkahadegklfa] MySearchDial Nouvel onglet v.9.4.10 (Désactivé) =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 17 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@tools.Software.com/Software Update;version=3] - (.The Software Group - Software Update.) -- C:\Program Files\Software\Update\1.3.25.0\npSoftwareUpdate3.dll =>Adware.Boxore
P2 - FPN: [HKLM] [@tools.Software.com/Software Update;version=9] - (.The Software Group - Software Update.) -- C:\Program Files\Software\Update\1.3.25.0\npSoftwareUpdate3.dll =>Adware.Boxore
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\SupTab\SupTab.dll =>PUP.SupTab
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [severine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [severine]: internet explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 36 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [BkupTray] . (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPStart] . (.Synaptics, Inc. - Synaptics Pointing Device starter.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eRecoveryService] Clé orpheline
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [fst_fr_156] Clé orpheline =>PUP.FreeSoftToday
O4 - HKCU\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKCU\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Users\severine\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\severine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Users\severine\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\severine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3621640602-560181732-2409184741-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF3F085-4657-4510-A6C8-B4D1F637CBED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E45DCC0E-272C-4E99-8DBF-4E04107413FA}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6CF3F085-4657-4510-A6C8-B4D1F637CBED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E45DCC0E-272C-4E99-8DBF-4E04107413FA}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CF3F085-4657-4510-A6C8-B4D1F637CBED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6CF3F085-4657-4510-A6C8-B4D1F637CBED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: Service Software Update (Software_update) (Software_update) . (.The Software Group - Software Update.) - C:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files\Common Files\Umbrella\Umbrella282.exe =>Adware.IMBooster
O23 - Service: SpyHunter 4 Service (SpyHunter 4 Service) . (...) - C:\Program Files\ENIGMA~1\SPYHUN~1\SH4SER~1.exe (.not file.) =>Crapware.SpyHunter
O23 - Service: Update BrowseMark (Update BrowseMark) . (...) - C:\Program Files\BrowseMark\updateBrowseMark.exe (.not file.) =>PUP.BrowseMark
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: 16 Legitimates Filtered in 00mn 10s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector_startup] (...) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.95E0514907B680814073BB945DDB800B] [APT] [SoftwareUpdateTaskMachineCore] (.The Software Group.) -- C:\Program Files\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.95E0514907B680814073BB945DDB800B] [APT] [SoftwareUpdateTaskMachineUA] (.The Software Group.) -- C:\Program Files\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [SpyHunter4Startup] (...) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (.not file.) [0] =>Crapware.SpyHunter
[MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (...) -- C:\Users\severine\AppData\Roaming\~agylnhz.exe [493272] =>PUP.WpManager
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [368] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [366] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [366] =>PUP.AnyProtect
O39 - APT: SoftwareUpdateTaskMachineCore - (.The Software Group.) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [906] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.The Software Group.) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [910] =>Adware.Boxore
~ Scheduled Task: 30 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (DritekPortIO) . (. - .) - C:\Program Files\LAUNCH~1\DPortIO.sys (.not file.)
~ Drivers: 94 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\43960InstEnd]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Genesis] =>PUP.Genesis
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Tutorials] =>AgenceExclusive
[HKLM\Software\Umbrella]
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\anset]
[HKLM\Software\free_soft_today] =>Adware.FreeSoftToday
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 132 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/04/2014 - 19:53:15 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 20/04/2014 - 19:41:28 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 20/04/2014 - 19:44:34 - [] ----D C:\Program Files\Common Files\Umbrella
O43 - CFD: 20/04/2014 - 19:41:46 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 20/04/2014 - 19:40:43 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 20/04/2014 - 19:41:23 - [] ----D C:\Users\severine\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 20/04/2014 - 19:38:32 - [] ----D C:\Users\severine\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 21/04/2014 - 14:33:00 - [] ----D C:\Users\severine\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 20/04/2014 - 20:04:05 - [0] ----D C:\Users\severine\AppData\Local\Genesis =>PUP.Genesis
~ Program Folder: 139 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7AE803704F5E4E6E027821D9F4901AFA] - 20/04/2014 - 11:55:36 ---A- . (...) -- C:\Windows\wininit.ini [817]
O44 - LFC:[MD5.168D01D52DA18DBA89743056DA33E2A1] - 20/04/2014 - 18:44:22 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot.exe [17496] =>PUP.SystemSpeedup
O44 - LFC:[MD5.CEAF98D916D2B75B8704BEE7680EE0B5] - 21/04/2014 - 13:30:58 ---A- . (...) -- C:\Windows\System32\agent.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/04/2014 - 13:31:09 ---A- . (...) -- C:\Windows\System32\LogConfigTemp.xml [0]
~ Files: 49 Legitimates Filtered in 00mn 32s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1A3DE8CA658C18807ED943D8D6CBA1AC] - 10/04/2014 - 11:19:13 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-332BF7FC.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.4B783E3ECF4AA1257D09073277F96C43] - 20/04/2014 - 22:48:02 ---A- - C:\Windows\Prefetch\BACKUPSVC.EXE-6CF5CF30.pf
O45 - LFCP:[MD5.39130CE53CEF60BB4104BAA45395450F] - 20/04/2014 - 22:48:02 ---A- - C:\Windows\Prefetch\SCHEDULERSVC.EXE-F3CF4F15.pf
O45 - LFCP:[MD5.BEE974DFACF603D7ACB2CF84A3E9629C] - 21/04/2014 - 12:12:48 ---A- - C:\Windows\Prefetch\HIDCHK.EXE-0E572CF7.pf
O45 - LFCP:[MD5.4F53E00A933CE023AE4C66B34BF0786A] - 21/04/2014 - 12:40:53 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-920BBA2A.pf
O45 - LFCP:[MD5.EE53A332FA2253031965E7D0F48B227C] - 21/04/2014 - 14:17:38 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
~ Prefetcher: 6 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b470a525-76d4-11e3-948e-001eec4e3bec}\AutoRun\command. (...) -- E:\Shelexec.exe (.not file.)
O51 - MPSK:{b79ad460-7d22-11e3-a4c3-001eec4e3bec}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 07/04/2014 - 12:15:27 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 07/04/2014 - 12:15:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.01CE484FF6D70A39479BC6D619DE7ED6] - 22/06/2012 - 10:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 14:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 18/04/2014 - 16:36:40 ---A- . (...) -- C:\Users\severine\AppData\Local\d3d9caps.dat [680]
O61 - LFC: 20/04/2014 - 16:36:40 ---A- . (...) -- C:\Users\severine\AppData\Local\d3d8caps.dat [552]
O61 - LFC: 20/04/2014 - 16:36:44 ---A- . (...) -- C:\Users\severine\AppData\Local\Systweak\Advanced System Protector\ScanEngineErrorLog.txt [180318] =>PUP.AdvancedSystemProtector
O61 - LFC: 20/04/2014 - 16:38:00 ---A- . (...) -- C:\Users\severine\AppData\Roaming\aps.scan.quick.results [1194]
O61 - LFC: 20/04/2014 - 16:38:00 ---A- . (...) -- C:\Users\severine\AppData\Roaming\aps.scan.results [0]
O61 - LFC: 20/04/2014 - 16:38:00 ---A- . (...) -- C:\Users\severine\AppData\Roaming\aps.uninstall.scan.results [314]
O61 - LFC: 20/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580\ASPLog.txt [11467] =>PUP.AdvancedSystemProtector
O61 - LFC: 20/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\AppData\Roaming\systweak\Advanced System Protector\Logs\log_20-04-14_09-16-55.xml [15369] =>PUP.AdvancedSystemProtector
O61 - LFC: 20/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\AppData\Roaming\systweak\Advanced System Protector\Logs\log_20-04-14_09-17-12.xml [91] =>PUP.AdvancedSystemProtector
O61 - LFC: 20/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\AppData\Roaming\systweak\Advanced System Protector\Settings.db [0] =>PUP.AdvancedSystemProtector
O61 - LFC: 21/04/2014 - 16:36:41 ---A- . (...) -- C:\Users\severine\AppData\Local\GDIPFONTCACHEV1.DAT [72224]
O61 - LFC: 21/04/2014 - 16:36:41 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [305646]
O61 - LFC: 21/04/2014 - 16:36:42 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Chrome\User Data\Local State [69949]
O61 - LFC: 21/04/2014 - 16:36:42 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\CdmAdapterVersion [13]
O61 - LFC: 21/04/2014 - 16:36:42 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\CdmAdapterVersion [13]
O61 - LFC: 21/04/2014 - 16:36:42 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\manifest.fingerprint [66]
O61 - LFC: 21/04/2014 - 16:36:43 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Toolbar Bookmarks\lemistreseve@gmail.com_bookmarks [23879]
O61 - LFC: 21/04/2014 - 16:36:43 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2385]
O61 - LFC: 21/04/2014 - 16:36:43 ---A- . (...) -- C:\Users\severine\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [2033]
O61 - LFC: 21/04/2014 - 16:36:44 ---A- . (...) -- C:\Users\severine\AppData\Local\speedial.crx [358193]
O61 - LFC: 21/04/2014 - 16:38:00 ---A- . (...) -- C:\Users\severine\AppData\Roaming\Google\Local Search History\google%2Eweb.w [60]
O61 - LFC: 21/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\AppData\Roaming\wp_update\currentVersion.txt [1] =>PUP.WpManager
O61 - LFC: 21/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\Documents\bookmark.htm [3713]
O61 - LFC: 21/04/2014 - 16:38:02 ---A- . (...) -- C:\Users\severine\Downloads\facture_33637518379_20140407.pdf [136933]
~ 1 Fichiers cookies (Cookies files)
~ Files: 46 Legitimates Filtered in 01mn 23s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 9361567579BC4119B76E3F7DA85FE0A7 [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][05/01/2014] (.Pas de propriétaire - wp_update scheduler.) -- C:\Users\severine\AppData\Roaming\~agylnhz.exe [493272] =>PUP.WpManager
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{C56CE983-E442-499A-B362-D1AC51FF7B65}C:\users\severine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\severine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{A9C1905D-8576-44BC-B502-204FF13C82D8}C:\users\severine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\severine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{F0F6E2EF-B221-49E9-8170-18C97672FE29}" |In - None - P17 - TRUE | .(...) -- C:\Users\severine\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe (.not file.)
O87 - FAEL: "{2737F912-CADD-41DE-B68F-04C0F98EA4F4}" |In - None - P6 - TRUE | .(...) -- C:\Users\severine\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O87 - FAEL: "{601FC333-A51A-4EF0-A22A-B809ECB3BD31}" |In - None - P17 - TRUE | .(...) -- C:\Users\severine\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
~ Firewall: 220 Legitimates Filtered in 00mn 02s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 5244 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 20/04/2014 119408 | (Software_update) . (.The Software Group.) - C:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 20/04/2014 119408 | (Software_update_m) . (.The Software Group.) - C:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Auto 10/07/1658 0 | (SpyHunter 4 Service) . (...) - C:\Program Files\ENIGMA~1\SPYHUN~1\SH4SER~1.exe =>Crapware.SpyHunter
SS - | Auto 10/07/1658 0 | (Update BrowseMark) . (...) - C:\Program Files\BrowseMark\updateBrowseMark.exe =>PUP.BrowseMark

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/03/2008 16384 | (BUNAgentSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
SR - | Auto 03/04/2008 24576 | (ETService) . (...) - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
SR - | Auto 12/07/2007 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 06/04/2008 50424 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 04/04/2008 131072 | (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SR - | Auto 11/04/2014 3052352 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\Umbrella282.exe =>Adware.IMBooster
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/04/2014 566272 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/04/2014 541696 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak

~ Services: Scanned in 00mn 12s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by severine at 21/04/2014 16:39:06

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (19/04/2014)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 36

[HKLM\Software\Google\Chrome\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa] =>Adware.MyWebSearch^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\Software_update) (Software_update] =>Adware.Boxore^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter^
[HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseMark] =>PUP.BrowseMark^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wp_update] =>PUP.WpManager^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BrowserSafeguard =>PUP.BrowserSafeguard^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf =>PUP.CacaoWeb^
C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa =>Adware.MyWebSearch^
C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\severine\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\severine\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\severine\AppData\Roaming\wp_update =>PUP.WpManager^
C:\Users\severine\AppData\Local\Genesis =>PUP.Genesis^
C:\Program Files\Software =>Adware.Boxore
C:\Program Files\Common Files\Umbrella =>Adware.IMBooster
C:\Users\severine\AppData\Local\Software =>Adware.Boxore
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector^
C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager^
C:\Program Files\Common Files\Umbrella\Umbrella282.exe =>Adware.IMBooster^
C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak^
C:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Users\severine\AppData\Roaming\~agylnhz.exe =>PUP.WpManager^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job =>Adware.Boxore^
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job =>Adware.Boxore^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\Genesis] =>PUP.Genesis^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\free_soft_today] =>Adware.FreeSoftToday^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
C:\Users\severine\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore
C:\Users\severine\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\severine\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
C:\Users\severine\AppData\Local\Temp\nscD50A.exe =>Toolbar.Conduit
C:\Users\severine\AppData\Local\Temp\nshE3CA.exe =>Toolbar.Conduit
C:\Users\severine\AppData\Local\Temp\nsqDC82.exe =>Toolbar.Conduit
C:\Users\severine\AppData\Local\Temp\nsr7512.exe =>Toolbar.Conduit
C:\Users\severine\AppData\Local\Temp\nsx6DE1.exe =>Toolbar.Conduit
~ Additionnel Scan: 238730 Items scanned in 00mn 47s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
http://nicolascoolman.webs.com/apps/blog/show/41962428-hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.webs.com/apps/blog/show/42099886-pup-browsemark =>PUP.BrowseMark
http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.webs.com/apps/blog/show/41695065-pup-anyprotect =>PUP.AnyProtect
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>AgenceExclusive
http://nicolascoolman.webs.com/apps/blog/show/33340107-adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/41499656-pup-systemspeedup =>PUP.SystemSpeedup
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 26 link(s) detected in 00mn 00s



~ 1032 Legitimates filtered by white list
End of the scan (699 lines in 04mn 55s)(0)
0
ArnaudLy6 Posts 4412 Registration date Saturday 22 May 2010 Status Member Last active 13 February 2016 189
21 April 2014 at 17:28
I would need the AdwCleaner report ;)
0
seve1972 Posts 6 Registration date Thursday 15 November 2007 Status Member Last active 21 April 2014
21 April 2014 at 17:33
OK, I'll do it right away
0
seve1972 Posts 6 Registration date Thursday 15 November 2007 Status Member Last active 21 April 2014
21 April 2014 at 17:47
# AdwCleaner v3.102 - Rapport créé le 21/04/2014 à 17:40:51
# Mis à jour le 21/04/2014 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Nom d'utilisateur : severine - PC-DE-SEVERINE
# Exécuté depuis : C:\Users\severine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HRTC623\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : IePluginService
[#] Service Supprimé : Software_update
[#] Service Supprimé : Software_update_m
Service Supprimé : SProtection
Service Supprimé : Wpm

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\IePluginService
Dossier Supprimé : C:\ProgramData\Systweak
Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\Program Files\003
Dossier Supprimé : C:\Program Files\predm
Dossier Supprimé : C:\Program Files\SupTab
Dossier Supprimé : C:\Program Files\Common Files\Umbrella
Dossier Supprimé : C:\Users\severine\AppData\Local\genesis
Dossier Supprimé : C:\Users\severine\AppData\Local\Systweak
Dossier Supprimé : C:\Users\severine\AppData\Local\Temp\Iminent
Dossier Supprimé : C:\Users\severine\AppData\Roaming\SupTab
Dossier Supprimé : C:\Users\severine\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\severine\AppData\Roaming\webssearches
Dossier Supprimé : C:\Users\severine\AppData\Roaming\wp_update
Dossier Supprimé : C:\Users\severine\AppData\Local\Software
Dossier Supprimé : C:\Program Files\Software
Dossier Supprimé : C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa
Dossier Supprimé : C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Fichier Supprimé : C:\Windows\system32\roboot.exe
Fichier Supprimé : C:\Users\severine\AppData\Local\speedial.crx
Fichier Supprimé : C:\Users\severine\AppData\Roaming\aps.scan.quick.results
Fichier Supprimé : C:\Users\severine\AppData\Roaming\aps.scan.results
Fichier Supprimé : C:\Users\severine\AppData\Roaming\aps.uninstall.scan.results
Fichier Supprimé : C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Fichier Supprimé : C:\Windows\System32\Tasks\Advanced System Protector_startup
Fichier Supprimé : C:\Windows\Tasks\APSnotifierPP1.job
Fichier Supprimé : C:\Windows\System32\Tasks\APSnotifierPP1
Fichier Supprimé : C:\Windows\Tasks\APSnotifierPP2.job
Fichier Supprimé : C:\Windows\System32\Tasks\APSnotifierPP2
Fichier Supprimé : C:\Windows\Tasks\APSnotifierPP3.job
Fichier Supprimé : C:\Windows\System32\Tasks\APSnotifierPP3
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
Fichier Supprimé : C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
Fichier Supprimé : C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA
Fichier Supprimé : C:\Windows\System32\Tasks\SpyHunter4Startup

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D673B841-F327-41BA-87F0-C6E18667AB42}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D673B841-F327-41BA-87F0-C6E18667AB42}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9F6AD40-41E1-4537-A781-60E630B42D1F}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F6AD40-41E1-4537-A781-60E630B42D1F}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05472A7E-FC54-438F-ADB7-6F1E93294395}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05472A7E-FC54-438F-ADB7-6F1E93294395}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35D5F47F-C44B-4978-BA72-CB73DC254557}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35D5F47F-C44B-4978-BA72-CB73DC254557}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9170F288-1BDC-4DAF-86E2-9543C09C1183}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9170F288-1BDC-4DAF-86E2-9543C09C1183}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F90B9D2-C840-4577-BD58-D56321EAB4F9}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F90B9D2-C840-4577-BD58-D56321EAB4F9}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3859E9C-FD54-4900-BDB2-02C29EF25580}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3859E9C-FD54-4900-BDB2-02C29EF25580}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\iLivid.torrent
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=9
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16545

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v34.0.1847.116

[ Fichier : C:\Users\severine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : icon_url
Supprimée : search_url
Supprimée : keyword

*************************

AdwCleaner[R3].txt - [11123 octets] - [21/04/2014 17:38:44]
AdwCleaner[S3].txt - [10308 octets] - [21/04/2014 17:40:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [10369 octets] ##########
0
ArnaudLy6 Posts: 4412 Registration date: Saturday 22 May 2010 Status: Member Last activity: 13 February 2016 189
21 April 2014 at 17:48
Download Malwarebytes Anti-Malware: https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

- Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium"
- Launch Malwarebytes
- In the Dashboard tab, click Update
- Then click the "Scan" tab
- Select "Threat Scan"
- Click "Scan Now"
- Wait for the scan to finish
- Once the scan is complete, click "Quarantine All"
- Accept the PC restart

Once your computer has restarted, launch Malwarebytes Anti-Malware again and this time go to the "History" tab, then "Application Logs".
Select the most recent report, open it and click Copy to Clipboard at the bottom.
All that is left is to paste the report into your next message.
0
seve1972 Posts: 6 Registration date: Thursday 15 November 2007 Status: Member Last activity: 21 April 2014
21 April 2014 at 17:51
I just restarted Google Chrome and it looks like webssearches is gone, but I'm waiting for your conclusions!!!
0