Unwanted ads: Bing Toolbar, popups....
herault87
Hello,
I am using a new computer that is infested with pop-ups and other malicious ads. Here is my config:
I used the AdwCleaner software and it removed a program, but the pop-up problem remains the same. In addition, I have an unwanted "search with Bing" toolbar that attaches itself below the field where I type website addresses. On top of this toolbar, there is a pop-up shaped like a folded page corner in the top right corner of the window.
How can I get rid of all this?
Thanks in advance.
Here is the AdwCleaner report:
# AdwCleaner v3.201 - Report created 23/04/2014 at 17:59:22
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anh Ngo - ANHNGO-VAIO
# Running from : C:\Users\Anh Ngo\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : MgAssistService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Users\Anh Ngo\.android
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\genienext
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\PackageAware
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Anh Ngo\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Anh Ngo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\Documents\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Anh Ngo\daemonprocess.txt
File Deleted : C:\Users\Anh Ngo\Desktop\Mobogenie.lnk
File Deleted : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk
***** [ Registry ] *****
12 replies
Hello,
The report is incomplete.
--> Download ZHPDiag (by Nicolas Coolman).
--> Double-click the installer file. Install ZHPDiag with the default settings (leave "Créer une icône sur le Bureau" (create a Desktop icon) checked).
--> Launch ZHPDiag by double-clicking the shortcut on your Desktop.
--> Click "Complet".
--> Once the scan has finished, a report is created on the Desktop.
--> Upload it to pjjoint.malekal.com, then copy and paste the link given by the site into your next message.
Here is the full report. I had forgotten to copy all of it.
# AdwCleaner v3.201 - Report created 23/04/2014 at 17:59:22
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anh Ngo - ANHNGO-VAIO
# Running from : C:\Users\Anh Ngo\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : MgAssistService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Users\Anh Ngo\.android
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\genienext
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\PackageAware
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Anh Ngo\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Anh Ngo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\Documents\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Anh Ngo\daemonprocess.txt
File Deleted : C:\Users\Anh Ngo\Desktop\Mobogenie.lnk
File Deleted : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\MediaViewV1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\prefs.js ]
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394242131833");
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
*************************
AdwCleaner[R0].txt - [4665 octets] - [23/04/2014 17:54:57]
AdwCleaner[S0].txt - [4532 octets] - [23/04/2014 17:59:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4592 octets] ##########
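The first report in this thread was turned down as incomplete because the paste stopped at an empty `[ Registry ]` header. As an added example (not part of the original thread and not AdwCleaner's own code), the Python below parses a report in the layout shown above, checks for the `EOF` trailer, and groups the removed items by persistence mechanism; the category names, the matching rules and the `SAMPLE_REPORT` excerpt (built from lines of the report above) are assumptions.

```python
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
EOF_RE = re.compile(r"^#{10} EOF - .+ #{10}$")

# Assumed triage rules: which removed items could relaunch adware or reinject ads.
PERSISTENCE_RULES = [
    ("scheduled task", re.compile(r"\\Windows\\(System32\\)?Tasks\\", re.I)),
    ("autorun (Run key)", re.compile(r"\\CurrentVersion\\Run \[", re.I)),
    ("IE Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("Chrome extension", re.compile(r"\\Chrome\\(User Data\\.+\\)?Extensions\\", re.I)),
    ("Firefox profile override",
     re.compile(r"\\Firefox\\Profiles\\.+\\(user\.js|searchplugins\\)", re.I)),
]

# Constructed excerpt: a subset of the lines from the report posted in this thread.
SAMPLE_REPORT = r"""# AdwCleaner v3.201 - Report created 23/04/2014 at 17:59:22
# Option : Clean
***** [ Services ] *****
Service Deleted : MgAssistService
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\user.js
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4592 octets] ##########
"""


def parse_report(text):
    """Return (entries, complete); complete is True only if the EOF trailer is present."""
    entries, section, complete = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group("name")
            continue
        if EOF_RE.match(line):
            complete = True
            continue
        # Skip header (#), browser sub-headers (-\\), [ File : ... ] and separator lines.
        if line[0] in "#[-*" or section is None:
            continue
        action, sep, target = line.partition(" : ")
        if sep:
            entries.append({"section": section, "action": action.strip(),
                            "target": target.strip()})
    return entries, complete


def classify(entry):
    """Map one removed item to a persistence category, or None if it is not one."""
    if entry["section"] == "Services":
        return "service"
    for label, pattern in PERSISTENCE_RULES:
        if pattern.search(entry["target"]):
            return label
    return None


def persistence_summary(text):
    """Group removed items by persistence category and report completeness."""
    entries, complete = parse_report(text)
    found = defaultdict(list)
    for entry in entries:
        label = classify(entry)
        if label:
            found[label].append(entry["target"])
    return dict(found), complete


if __name__ == "__main__":
    summary, complete = persistence_summary(SAMPLE_REPORT)
    print("report complete:", complete)
    for label, targets in summary.items():
        print(f"{label}: {len(targets)}")
        for target in targets:
            print("   ", target)
```

Run against a paste cut off at the `[ Registry ]` header, the same function reports the paste as incomplete and lists no Run-key or BHO entries, which is the gap the helper pointed out.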
I installed ZHPFix but I can't find the "Complet" button. I can't manage to produce a scan. What should I do?
There, I have posted the ZHPDiag report on pjjoint.malekal.
Here is the link: https://pjjoint.malekal.com/files.php?id=20140423_x7l9y13l6r15
--> Copy all the text shown in bold below (select it, right-click it and choose "Copy").
Script ZHPFix
SysRestore
ProxyFix
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Preferences
O2 - BHO: MediaViewerV1alpha3758 [64Bits] - {4fb40062-492a-4eb5-ac89-8cb41ae03dd4} . (.No owner - Media Viewer.) -- C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3758\ie\MediaViewerV1alpha3758.dll
O2 - BHO: MediaViewV1alpha758 [64Bits] - {54632fc6-ebac-4d99-8be7-11a90417afb2} . (.No owner - Media View.) -- C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha758\ie\MediaViewV1alpha758.dll
O2 - BHO: MediaViewV1alpha6969 [64Bits] - {95cf5c16-c6ef-405c-a18f-6a58860930a3} . (.No owner - Media View.) -- C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha6969\ie\MediaViewV1alpha6969.dll
O2 - BHO: MediaViewV1alpha3138 [64Bits] - {fc3a4f53-1f82-4a37-ba8b-f4eed64d8a8c} . (.No owner - Media View.) -- C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3138\ie\MediaViewV1alpha3138.dll
O4 - GS\TaskBar [Anh Ngo]: Mobogenie.lnk . (...) -- C:\Program Files (x86)\Mobogenie\Mobogenie.exe (.not file.)
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha3138
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha6452
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha6969
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha758
O42 - Logiciel: Media Viewer - (.Media Viewer.) [HKLM][64Bits] -- MediaViewerV1alpha3758
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM][64Bits] -- MediaWatchV1home589
[HKLM\Software\Wow6432Node\MediaPlayerV1]
[HKLM\Software\Wow6432Node\MediaViewerV1]
[HKLM\Software\Wow6432Node\MediaWatchV1]
O43 - CFD: 2/26/2014 - 9:28:08 PM - [] ----D C:\Program Files (x86)\MediaViewerV1
O43 - CFD: 3/16/2014 - 9:01:05 PM - [] ----D C:\Program Files (x86)\MediaViewV1
O43 - CFD: 7/11/2013 - 12:31:29 AM - [] ----D C:\ProgramData\InstallMate
O69 - SBI: prefs.js [Anh Ngo - h4omhny5.default] user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1398247420495");
[MD5.DB5DE86A81CF3A802D51A455F1878B99] [SPRF][1/19/2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Anh Ngo\Desktop\FLVMPlayer2.exe [4958377]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\startnow_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\startnow_RASMANCS
C:\Users\Anh Ngo\Downloads\flvmplayer.exe
[HKLM\Software\Google\Chrome\Extensions\bpbklclpalgegnlbnoildllknggjnidp]
[HKLM\Software\Google\Chrome\Extensions\jamjeaeoikhhdnabkkkgoaaimhdikdle]
[HKLM\Software\Google\Chrome\Extensions\lkpdfffadkhdfmmgdpimabklklijobdc]
[HKLM\Software\Google\Chrome\Extensions\mnpcfjpfdjbpcihccnklbajjjjckjkgo]
[HKLM\Software\Google\Chrome\Extensions\pckehljhbgjbhanabmfcmkbombofcjda]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FB40062-492A-4EB5-AC89-8CB41AE03DD4}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54632FC6-EBAC-4D99-8BE7-11A90417AFB2}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95CF5C16-C6EF-405C-A18F-6A58860930A3}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC3A4F53-1F82-4A37-BA8B-F4EED64D8A8C}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha3138]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha6452]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha6969]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha758]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha3758]
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbklclpalgegnlbnoildllknggjnidp
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jamjeaeoikhhdnabkkkgoaaimhdikdle
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpdfffadkhdfmmgdpimabklklijobdc
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnpcfjpfdjbpcihccnklbajjjjckjkgo
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckehljhbgjbhanabmfcmkbombofcjda
EmptyFlash
EmptyTemp
--> Launch ZHPFix from the shortcut on your Desktop.
--> Click the IMPORTER button. In the main box, you will see the lines you copied earlier appear.
--> Click GO and confirm to start the cleanup. Let the tool work and do not touch anything.
--> Accept the uninstallation of programs if offered, but decline the restart of your PC if that is also offered, because it would stop ZHPFix.
--> Once finished, upload the report to pjjoint.malekal.com, then copy and paste the link into your next message.
It looks better, it seems! Thank you very much for your help, Destrio5! Here is the report:
~ Report of ZHPDiag v2014.4.22.40 - Nicolas Coolman (4/22/2014)
~ Launched by Anh Ngo (4/24/2014 2:19:38 PM)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v34.0.1847.116 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ System protection software
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3995.3 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 288 GB (64%) free of 446 GB
---\\ Connection to the system mode
~ Computer Name: ANHNGO-VAIO
~ User Name: Anh Ngo
~ All Users Names: HomeGroupUser$, Guest, Anh Ngo, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Anh Ngo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Anh Ngo\AppData\Roaming\
~ %Desktop% : C:\Users\Anh Ngo\Desktop\
~ %Favorites% : C:\Users\Anh Ngo\Favorites\
~ %LocalAppData% : C:\Users\Anh Ngo\AppData\Local\
~ %StartMenu% : C:\Users\Anh Ngo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 288 Go of 446 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3103
~ Mes musiques (My Musics) : 1/1685
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/190
~ Mon Bureau (My Desktop) : 1/562
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 02mn AMs
---\\ Process running
[MD5.D79D267DEE0C5080825A12C24EC25626] - (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [4670704] [PID.3360]
[MD5.070753E47E04181DD440EA2FEFE3115C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376] [PID.3836]
[MD5.74A921A3820CA3139D0D30F453FDEB58] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.4088]
[MD5.EBE6AD4AE1CB00559C10B206225673F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Anh Ngo\AppData\Roaming\Dropbox\bin\Dropbox.exe [33604728] [PID.1100]
[MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4704]
[MD5.4AD491D49890D794BFA77AAB935046C5] - (.Sony Corporation - No Comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552] [PID.4724]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4860]
[MD5.1BB5FF1FBB115602250440D4D03524A8] - (.No owner - Keyboard Shortcuts.) -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [477816] [PID.4000]
[MD5.72A7D54EB3626CFCBC8B550385CEF97A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4448]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4512]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] - (.Digital Delivery Networks, Inc. - VAIO Messenger.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024] [PID.4284]
[MD5.D6D0EB77C43224ABC8E137FACDAED88E] - (.Google - Hangouts Plugin.) -- C:\Users\Anh Ngo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.5272]
[MD5.F482170822E45CF5CB4CC6479A20B6CD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7889408] [PID.4560]
~ Processes Running: Scanned in 00mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Anh Ngo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 16 Legitimates Filtered in 01mn AMs
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Anh Ngo\AppData\Roaming\Mozilla\Firefox\Profiles\h4omhny5.default\prefs.js
M0 - MFSP: prefs.js [Anh Ngo - h4omhny5.default] google.com
~ Firefox Browser: 8 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
~ IE Browser: 18 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
~ Toolbar: Scanned in 00mn AMs
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (...) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (.not file.)
O4 - GS\Program [Public]: Keyboard Shortcuts.lnk . (...) -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Anh Ngo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Anh Ngo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Anh Ngo]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\QuickLaunch [Anh Ngo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Anh Ngo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Anh Ngo]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Anh Ngo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Anh Ngo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Anh Ngo]: RosettaStoneVersion3 - Shortcut.lnk . (.Multidmedia Limited - My Flash Application.) -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
O4 - GS\Desktop [Anh Ngo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 80 Legitimates Filtered in 02mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - GS\Startup [Anh Ngo]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Anh Ngo\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Anh Ngo]: OneNote 2010 Screen Clipper and Launcher.lnk . (...) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Yahoo! Pager] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Anh Ngo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - No Comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Yahoo! Pager] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Anh Ngo\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (Oasis2Service) . (.Digital Delivery Networks, Inc. - Oasis2Service.) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
~ Services: 25 Legitimates Filtered in 06mn AMs
---\\ Task Planned Automatically (039)
[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Keygen
[MD5.DE54B81B68132B3716EAF95DBF66A59F] [APT] [DDNi Startup] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [12200]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (Administrator)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (Anh Ngo)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [204]
~ Scheduled Task: 29 Legitimates Filtered in 04mn AMs
---\\ Software installed (O42)
O42 - Logiciel: Oasis2Service - (.DDNi.) [HKLM][64Bits] -- {E50FC5DB-7CBD-407D-A46E-0C13E45BC386}
~ Logic: 24 Legitimates Filtered in 00mn AMs
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\DDNi]
[HKLM\Software\Wow6432Node\MediaWatchV1home589]
[HKLM\Software\Wow6432Node\MinhHoang]
~ Key Software: 280 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 7/4/2013 - 8:40:34 PM - [] ----D C:\Program Files (x86)\DDNi
O43 - CFD: 7/4/2013 - 8:34:44 PM - [] ----D C:\ProgramData\DDNi
O43 - CFD: 7/4/2013 - 8:40:34 PM - [] --H-D C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
~ Program Folder: 145 Legitimates Filtered in 00mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5F1166F7F9A6E6379C9E55EA21E6343C] - 4/24/2014 - 2:10:49 PM ---A- . (...) -- C:\Windows\AutoKMS.log [126067]
~ Files: 44 Legitimates Filtered in 02mn AMs
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:1/9/2012 - 9:13:12 PM ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:1/12/2013 - 3:40:14 AM ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:7/14/2009 - 9:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:6/11/2009 - 4:31:59 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:7/14/2009 - 9:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 21mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Anh Ngo - h4omhny5.default] user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1398262440753");
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.DB5DE86A81CF3A802D51A455F1878B99] [SPRF][1/19/2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Anh Ngo\Desktop\FLVMPlayer2.exe [4958377]
~ Files: 1 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{044BDF9A-9D34-4A3C-BBE1-4209089485ED}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{07AAED68-6B5C-40E2-AF09-D9DDD17B1263}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 01mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 7/11/1658 0 | (ACDaemon) . (...) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 3/15/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 4/4/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 2/16/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 4/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 4/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/16/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Disabled 2/26/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 12/9/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 2/28/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 9/24/2011 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SR - | Auto 9/21/2011 78472 | (ActiveDelayDeviceService) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
SR - | Auto 12/18/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 1/9/2012 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 12/21/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/20/2011 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 12/20/2011 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 12/20/2011 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 1/12/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 12/9/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 2/2/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2/22/2012 2429544 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 2/3/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 3/23/2012 127320 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 2/20/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 3/23/2012 162648 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 3/23/2012 276824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 7/2/2013 61440 | (Oasis2Service) . (.Digital Delivery Networks, Inc..) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
SR - | Auto 2/22/2012 473960 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 12/9/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 3/23/2012 362840 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 4/7/2012 65464 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Auto 1/11/2012 535688 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR - | Auto 3/27/2012 978056 | (VSNService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR - | Demand 5/11/2012 1259104 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
SR - | Auto 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/11/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/9/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 07mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13045 - (4/22/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
C:\Windows\AutoKMS.exe =>Trojan.Keygen^
~ Additionnel Scan: 316258 Items scanned in 26mn AMs
---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn AMs
~ 753 Legitimates filtered by white list
End of the scan (444 lines in 39mn AMs)(0)
~ Launched by Anh Ngo (4/24/2014 2:19:38 PM)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v34.0.1847.116 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ System protection software
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3995.3 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 288 GB (64%) free of 446 GB
---\\ Connection to the system mode
~ Computer Name: ANHNGO-VAIO
~ User Name: Anh Ngo
~ All Users Names: HomeGroupUser$, Guest, Anh Ngo, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Anh Ngo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Anh Ngo\AppData\Roaming\
~ %Desktop% : C:\Users\Anh Ngo\Desktop\
~ %Favorites% : C:\Users\Anh Ngo\Favorites\
~ %LocalAppData% : C:\Users\Anh Ngo\AppData\Local\
~ %StartMenu% : C:\Users\Anh Ngo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 288 Go of 446 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/24/2012 - 8:18:12 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 9:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.3/6/2014 - 2:22:40 PM.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.11/21/2010 - 11:24:29 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/21/2010 - 11:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/28/2013 - 9:09:10 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 9:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 7:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/21/2010 - 11:24:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/21/2010 - 11:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 7:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 8:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
~ Toolbar: Scanned in 00mn AMs
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (...) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (.not file.)
O4 - GS\Program [Public]: Keyboard Shortcuts.lnk . (...) -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Anh Ngo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Anh Ngo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Anh Ngo]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\QuickLaunch [Anh Ngo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Anh Ngo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Anh Ngo]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Anh Ngo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Anh Ngo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Anh Ngo]: RosettaStoneVersion3 - Shortcut.lnk . (.Multidmedia Limited - My Flash Application.) -- C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
O4 - GS\Desktop [Anh Ngo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 80 Legitimates Filtered in 02mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - GS\Startup [Anh Ngo]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Anh Ngo\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Anh Ngo]: OneNote 2010 Screen Clipper and Launcher.lnk . (...) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Yahoo! Pager] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Anh Ngo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - No Comment.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Yahoo! Pager] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2948125983-1992052818-4033227373-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Anh Ngo\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C3A9147-7274-4C6B-99AF-17F1A36DE1A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (Oasis2Service) . (.Digital Delivery Networks, Inc. - Oasis2Service.) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
~ Services: 25 Legitimates Filtered in 06mn AMs
---\\ Task Planned Automatically (039)
[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Keygen
[MD5.DE54B81B68132B3716EAF95DBF66A59F] [APT] [DDNi Startup] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [12200]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (Administrator)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
[MD5.ED561B00BA0DB6F4A51D711A8720395C] [APT] [VAIOr Messenger (Anh Ngo)] (.Digital Delivery Networks, Inc..) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [1498024]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [204]
~ Scheduled Task: 29 Legitimates Filtered in 04mn AMs
---\\ Software installed (O42)
O42 - Logiciel: Oasis2Service - (.DDNi.) [HKLM][64Bits] -- {E50FC5DB-7CBD-407D-A46E-0C13E45BC386}
~ Logic: 24 Legitimates Filtered in 00mn AMs
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\DDNi]
[HKLM\Software\Wow6432Node\MediaWatchV1home589]
[HKLM\Software\Wow6432Node\MinhHoang]
~ Key Software: 280 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 7/4/2013 - 8:40:34 PM - [] ----D C:\Program Files (x86)\DDNi
O43 - CFD: 7/4/2013 - 8:34:44 PM - [] ----D C:\ProgramData\DDNi
O43 - CFD: 7/4/2013 - 8:40:34 PM - [] --H-D C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
~ Program Folder: 145 Legitimates Filtered in 00mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5F1166F7F9A6E6379C9E55EA21E6343C] - 4/24/2014 - 2:10:49 PM ---A- . (...) -- C:\Windows\AutoKMS.log [126067]
~ Files: 44 Legitimates Filtered in 02mn AMs
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:1/9/2012 - 9:13:12 PM ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:1/12/2013 - 3:40:14 AM ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:7/14/2009 - 9:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:6/11/2009 - 4:31:59 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:7/14/2009 - 9:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 21mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Anh Ngo - h4omhny5.default] user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1398262440753");
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.DB5DE86A81CF3A802D51A455F1878B99] [SPRF][1/19/2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Anh Ngo\Desktop\FLVMPlayer2.exe [4958377]
~ Files: 1 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{044BDF9A-9D34-4A3C-BBE1-4209089485ED}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{07AAED68-6B5C-40E2-AF09-D9DDD17B1263}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Anh Ngo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 01mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 7/11/1658 0 | (ACDaemon) . (...) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 3/15/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 4/4/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 2/16/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 4/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 4/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1/16/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Disabled 2/26/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 12/9/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 2/28/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 9/24/2011 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SR - | Auto 9/21/2011 78472 | (ActiveDelayDeviceService) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
SR - | Auto 12/18/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 1/9/2012 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 12/21/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/20/2011 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 12/20/2011 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 12/20/2011 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 1/12/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 12/9/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 2/2/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2/22/2012 2429544 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 2/3/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 3/23/2012 127320 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 2/20/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 3/23/2012 162648 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 3/23/2012 276824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 7/2/2013 61440 | (Oasis2Service) . (.Digital Delivery Networks, Inc..) - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
SR - | Auto 2/22/2012 473960 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 12/9/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 3/23/2012 362840 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 4/7/2012 65464 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Auto 1/11/2012 535688 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR - | Auto 3/27/2012 978056 | (VSNService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR - | Demand 5/11/2012 1259104 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
SR - | Auto 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/11/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/9/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 07mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13045 - (4/22/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
C:\Windows\AutoKMS.exe =>Trojan.Keygen^
~ Additionnel Scan: 316258 Items scanned in 26mn AMs
---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn AMs
~ 753 Legitimates filtered by white list
End of the scan (444 lines in 39mn AMs)(0)
Don't you have an antivirus?
Run ZHPFix again with the following script:
Script ZHPFix
SysRestore
[HKLM\Software\Wow6432Node\MediaWatchV1home589]
O69 - SBI: prefs.js [Anh Ngo - h4omhny5.default] user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1398262440753");
EmptyFlash
EmptyTemp
I don't think so. All I found on this PC is Windows Defender.
I used the script. Here is the report:
Recycle Bin emptied (31mn AMs)
========== Registry keys ==========
REMOVES: HKLM\Software\Wow6432Node\MediaWatchV1home589
========== Preferences browser ==========
REMOVES Mozilla Pref: user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1398262440753");
========== Folders ==========
REMOVES Flash Cookies (0)
Deletes temporary Windows (11)
========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
Deletes temporary Windows (6) (41,984 octets)
========== System restore ==========
The system successfully created restore point
========== Summary ==========
1 : Registry keys
2 : Folders
2 : Files
1 : Preferences browser
1 : System restore
End of clean in 54mn AMs
========== Path to file report ==========
C:\Users\Anh Ngo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/23/2014 6:34:42 PM [652]
C:\Users\Anh Ngo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 4/23/2014 9:40:22 PM [4381]
C:\Users\Anh Ngo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 4/24/2014 3:15:25 PM [1177]
To finish:
1/
---> Download and install CCleaner.
* Launch it. Go to Options, then Advanced, and uncheck the box Only delete files in Windows Temp folders older than 24 hours.
* Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
2/
---> Download DelFix to your Desktop, then launch it.
* Check Purge system restore and leave Remove disinfection tools checked.
* Click Run.
* Post the report.
==Prevention==
Uninstall McAfee Security Scan Plus. As an antivirus, I suggest Avast:
http://www.commentcamarche.net/download/telecharger-151-avast-antivirus-2014
Malwarebytes' Anti-Malware is handy in case of infection:
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Update Adobe Reader (uncheck McAfee Security Scan Plus).
Update Adobe Flash Player (uncheck McAfee Security Scan Plus there too).
A guide on prevention and security on the Internet is available here.