Fenêtres Publicitaires Intempestives Fermé

Question

Bonjour tous le monde, Depuis 2-3 jours des fenêtres publicitaire s'ouvrent en même temps que la page web sur laquelle je veux aller... Je me permet de vous envoyer le rapport fait par ZHPDIAG: ~ Rapport de ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014) ~ Lancé par CHRISTINE (26/05/2014 17:08:17) ~ Adresse du Site Web http://nicolascoolman.fr ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): ---\ Navigateurs Internet MSIE: Internet Explorer v8.0.6001.19518 GCIE: Google Chrome v35.0.1916.114 (Defaut) ---\ Informations sur les produits Windows ~ Langage: Français Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002) Windows Server License Manager Script : OK ~ Windows Operating System - Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : RJ34F Windows License : OK Windows Automatic Updates : OK ---\ Logiciels de protection du système Avira Free Antivirus v14.0.3.350 Spybot - Search & Destroy v2.2.25 ---\ Logiciels d'optimisation du système CCleaner v3.21 ---\ Logiciels de partage PeerToPeer ---\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader 9.5.5 - Français Java 7 Update 51 ---\ Informations sur le système ~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3061 MB (47% free) System Restore: Activé (Enable) System drive C: has 14 GB (18%) free of 74 GB ---\ Mode de connexion au système ~ Computer Name: PC-DE-CHRISTINE ~ User Name: CHRISTINE ~ All Users Names: CHRISTINE, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\CHRISTINE\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\CHRISTINE\AppData\Roaming\ ~ %Desktop% : C:\Users\CHRISTINE\Desktop\ ~ %Favorites% : C:\Users\CHRISTINE\Favorites\ ~ %LocalAppData% : C:\Users\CHRISTINE\AppData\Local\ ~ %StartMenu% : C:\Users\CHRISTINE\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 14 Go of 74 Go) E: Hard drive, Flash drive, Thumb drive (Free 58 Go of 73 Go) F: CD-ROM drive (Not Inserted) ---\ Etat du Centre de Sécurité Windows ~ Security Center: 42 Legitimates Filtered in 00mn 00s ---\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 3:23:42.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.5330BB74C2A53788154C3ECF4523D36D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2014 - 11:53:03.) -- C:\Windows\System32\wininet.dll [916992] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 7:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 7:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 3:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 5:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 5:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 3:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 3:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 5:45:37.) -- C:\Windows\system32\Drivers etBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.3/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers tfs.sys [1082232] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2/11/2006 - 9:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 3:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 3:23:01.) -- C:\Windows\system32\Drivers dpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 5:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 5:45:56.) -- C:\Windows\system32\Drivers dx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 01s ---\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/3 ~ Mes Favoris (My Favorites) : 1/34 ~ Mes Documents (My Documents) : 1/8 ~ Mon Bureau (My Desktop) : 2/1550 ~ Menu demarrer (Programs) : 1/29 ~ Hidden Files: Scanned in 00mn 01s ---\ Processus lancés [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.4028] [MD5.1FE2E92576ED4BC83FFA4FDB2831C3B2] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.4036] [MD5.A13F4ABCD303F04A805155F6049D1CB2] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [154136] [PID.4044] [MD5.4F535C9ECC352167B2F5B26D38A247BD] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [129560] [PID.4052] [MD5.DF14865FD7961D9D4FA5A2A3C2F33560] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252440] [PID.4068] [MD5.99C1D6B7C36C891EC099AA8D120185C4] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4911104] [PID.4092] [MD5.DBC3E8226BE6FE67FAE94025C80FE907] - (.TOSHIBA CORPORATION - ConfigFree(TM) Task tray menu.) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [1056768] [PID.2248] [MD5.E1FAAF7915BC07352CCF1DFF37058414] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [581632] [PID.2488] [MD5.137962BA4B4B60A0E5F12D6C9DFA4C2F] - (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Toshiba raybar.exe [413696] [PID.2512] [MD5.B0674AE101707D21F9E30484D6465704] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [431456] [PID.2576] [MD5.B50D6E98F87616444B7E3F8D190A5F09] - (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [509816] [PID.1524] [MD5.E9E5692F51D6032A1105C7BE27FC0BAE] - (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704] [PID.632] [MD5.9EFB4CA9A91F27530E42ABC441DE5049] - (.Sony Corporation - WALKMAN Launcher.) -- C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe [110592] [PID.2684] [MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2848] [MD5.766E24A20116AFA41F380B57FFE7AF02] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328] [PID.2860] [MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.2876] [MD5.4AB05041D5C922B9A7A5D9059F5538CD] - (.Microsoft Corporation - User session Windows Mobile device handler.) -- C:\Windows\WindowsMobile\wmdSync.exe [215552] [PID.2896] [MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2904] [MD5.4B96654025B28EEB1E5D8F001E5D1B8A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160] [PID.564] =>Toolbar.Ask [MD5.DD84FD291B2C324B8E6D6EF6B8643A69] - (...) -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe [4624384] [PID.2320] [MD5.137149B37E9C9DBDE30E4C40867252E4] - (.Pas de propriétaire - fr.) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080] [PID.1868] [MD5.ABBABB9718848FD74C2D156BDFEDBCD5] - (.Agere Systems - LtMoh MFC Application.) -- C:\Program Files\ltmoh\ltmoh.exe [191552] [PID.3064] [MD5.53AF21EEB4894CA7C84A5A65E50D7A49] - (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\CHRISTINE\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792] [PID.3148] [MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.2808] [MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\CHRISTINE\AppData\Local\VNT\vntldr.exe [195536] [PID.1820] =>Toolbar.Ask [MD5.F064D3DA9BCEC02D9782D39446603DCA] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager.) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe [405504] [PID.2872] [MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.2800] [MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.3940] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.1716] [MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.4356] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4932] [MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.4156] [MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4916] [MD5.90F7E0DAC46CE6A461B90336D899274F] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.5340] [MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7879168] [PID.4184] [MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.940] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1320] [MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.1808] [MD5.160270FB6706B45392B3C20753BEF1A9] - (.Emsi Software GmbH - a-squared Service.) -- C:\Program Files\a-squared Free\a2service.exe [1872320] [PID.1580] [MD5.39E435C90C9C4F780FA0ED05CA3C3A1B] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\Windows\system32\agrsmsvc.exe [9216] [PID.1568] [MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1148] [MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.756] =>Toolbar.Ask [MD5.596E452B5152EC9AFE8153D296459D2B] - (.TOSHIBA CORPORATION - Service of ConfigFree..) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960] [PID.2012] [MD5.627FA58ADC043704F9D14CA44340956F] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [360224] [PID.2180] [MD5.E47F35A87FF0DA38DEF37A0EB0C2D2DF] - (.TOSHIBA Corporation - TOSHIBA Navi Support Service.) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312] [PID.2308] [MD5.C5AC715B65B01788ABC22D10749DDDD8] - (.TOSHIBA Corporation - TDCSrv Application.) -- C:\Windows\system32\TODDSrv.exe [129632] [PID.2328] [MD5.DA6903958CBDC091FFCBBCA70CCFF34C] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [431456] [PID.2364] [MD5.22690DFFC7F2A18279A7A0489AA02BAC] - (.TOSHIBA Corporation - TosIPCSrv.exe.) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976] [PID.2400] [MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152] [PID.2468] [MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.3268] [MD5.3D15C6EDBF84D792ACEBD2289546DBAF] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1017424] [PID.3552] [MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.4400] [MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.544] [MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.6076] [MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe [4640000] [PID.4744] ~ Processes Running: Scanned in 00mn 04s ---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] GoogleÂ Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [mndjnmbcpincgombkciokepgfnhjhada] BlockAndSurf v.1.170.0.0 (Activé) =>PUP.BlockAndSurf G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] GoogleÂ Wallet v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pcoohmdcpejoeggdnihdfhohjgdbllgm] Avira SearchFree Toolbar plus Web Protection v.32.5, (Activé) =>Toolbar.Avira ---\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 19 Legitimates Filtered in 00mn 09s ---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2 pPicasa2.dll (.not file.) ~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s ---\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be ~ IE Browser: 11 Legitimates Filtered in 00mn 00s ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 18s ~ Nombre de lignes (Lines number): 14703 ---\ Internet Explorer Toolbars (O3) O3 - Toolbar: IESizer - [HKLM]{41AF9DA0-7455-11D8-BC79-008048C7A589} . (...) -- C:\Program Files\IESizer\IESizer.dll O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll =>Toolbar.Ask O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [NDSTray.exe] Clé orpheline O4 - HKLM\..\Run: [topi] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information opi.exe =>.Toshiba Corporation O4 - HKLM\..\Run: [Camera Assistant Software] . (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Toshiba raybar.exe O4 - HKLM\..\Run: [TPwrMain] . (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe O4 - HKLM\..\Run: [SmoothView] . (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba - Vista Registration.) -- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [WMAAD] . (.Sony Corporation - WALKMAN Launcher.) -- C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - User session Windows Mobile device handler.) -- C:\Windows\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask O4 - HKLM\..\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files\VNT\vntldr.exe =>Toolbar.Ask O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe (.not file.) =>.Oracle Corporation O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] . (.Pas de propriétaire - DivX Player DFX Audio Plugin.) -- C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] . (.Pas de propriétaire - DivX Player Media Manager Plugin.) -- C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] . (.Pas de propriétaire - DivX Player Player Plugin.) -- C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll O4 - HKCU\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKCU\..\Run: [TOSCDSPD] Clé orpheline O4 - HKCU\..\Run: [LtMoh] . (.Agere Systems - LtMoh MFC Application.) -- C:\Program Files\ltmoh\Ltmoh.exe O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.exe (.not file.) O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] . (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\CHRISTINE\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (.not file.) O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [TOSCDSPD] Clé orpheline O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [LtMoh] . (.Agere Systems - LtMoh MFC Application.) -- C:\Program Files\ltmoh\Ltmoh.exe O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.exe (.not file.) O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [AdobeBridge] Clé orpheline O4 - HKUS\S-1-5-21-211013483-3263264774-1690456957-1000\..\Run: [SanDiskSecureAccess_Manager.exe] . (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\CHRISTINE\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe ~ Application: Scanned in 00mn 00s ---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} . (...) -- C:\Toshiba\Webshops\ebay.ico =>Toolbar.eBay O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} . (...) -- C:\Toshiba\Webshops\amazon.ico O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0ED66951-A3A3-4E06-A401-84237B386BA9}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpNameServer = 192.168.254.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpDomain = private O17 - HKLM\System\CS1\Services\Tcpip\..\{0ED66951-A3A3-4E06-A401-84237B386BA9}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpNameServer = 192.168.254.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpDomain = private O17 - HKLM\System\CS3\Services\Tcpip\..\{0ED66951-A3A3-4E06-A401-84237B386BA9}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpNameServer = 192.168.254.254 O17 - HKLM\System\CS3\Services\Tcpip\..\{BF9326C9-3CC6-44C3-BDDB-25E0E1412AD4}: DhcpDomain = private O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 ~ Domain: Scanned in 00mn 00s ---\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll ~ Winlogon: Scanned in 00mn 00s ---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe ~ Services: 17 Legitimates Filtered in 00mn 16s ---\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{BC058E7F-5CF4-4127-A7D4-42DF8482EA1A}] (...) -- C:\Users\CHRISTINE\Desktop\HISTO CD\start.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C3A86A75-1B60-4D48-882A-030105C94ADA}] (...) -- C:\Windows\System32\spool\drivers\w32x86\3\LXCZUN5C.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CE458FBC-9990-464F-B348-6F977311AA94}] (...) -- D:\HISTO\start.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy) [644] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy) [616] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy) [446] ~ Scheduled Task: 22 Legitimates Filtered in 00mn 09s ---\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (qefephzh) . (. - .) - C:\Windows\system32\drivers\qefephzh.sys (.not file.) O41 - Driver: ({c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt.sys =>PUP.LinkiDoo ~ Drivers: 75 Legitimates Filtered in 00mn 03s ---\ Logiciels installés (O42) O42 - Logiciel: BlockAndSurf - (.BlockAndSurf-software.) [HKLM] -- 4BBF6702-1F9C-E652-8381-159FA2F38585 =>PUP.BlockAndSurf O42 - Logiciel: IESizer (remove only) - (...) [HKLM] -- IESizer (remove only) ~ Logic: 21 Legitimates Filtered in 00mn 01s ---\ HKCU & HKLM Software Keys [HKCU\Software\AskPartnerNetwork] [HKCU\Software\B.U.T nv] [HKCU\Software\ESMP] [HKCU\Software\VNT] [HKLM\Software\AskPartnerNetwork] [HKLM\Software\ESMP] ~ Key Software: 229 Legitimates Filtered in 00mn 01s ---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 9/03/2014 - 18:45:09 - [] ----D C:\Program Files\AskPartnerNetwork O43 - CFD: 24/05/2014 - 23:39:55 - [0] ----D C:\Program Files\findopolis O43 - CFD: 9/03/2014 - 18:45:10 - [] ----D C:\Program Files\VNT O43 - CFD: 9/03/2014 - 18:35:15 - [] ----D C:\ProgramData\APN O43 - CFD: 9/03/2014 - 18:45:09 - [] ----D C:\ProgramData\AskPartnerNetwork O43 - CFD: 10/12/2010 - 20:40:39 - [] ----D C:\Users\CHRISTINE\AppData\Roaming\LimeWire O43 - CFD: 22/10/2010 - 14:49:03 - [0] ----D C:\Users\CHRISTINE\AppData\Roaming\Lite O43 - CFD: 10/01/2011 - 16:09:57 - [] ----D C:\Users\CHRISTINE\AppData\Roaming\Shareaza O43 - CFD: 9/04/2014 - 15:05:03 - [] ----D C:\Users\CHRISTINE\AppData\Local\AskPartnerNetwork O43 - CFD: 10/12/2010 - 20:38:41 - [] ----D C:\Users\CHRISTINE\AppData\Local\Shareaza O43 - CFD: 9/03/2014 - 18:45:17 - [] ----D C:\Users\CHRISTINE\AppData\Local\VNT ~ 272 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 486 Legitimates Filtered in 00mn 13s ---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 14/05/2014 - 19:41:59 ---A- . (...) -- C:\AVScanner.ini [426] O44 - LFC:[MD5.3B652C8F063D5D3F3BBCE674CAAF7358] - 22/05/2014 - 17:18:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt.sys [55232] =>PUP.LinkiDoo O44 - LFC:[MD5.4F529C95915F3A57FE3B78E0FC584434] - 24/05/2014 - 12:51:22 ---A- . (...) -- C:\Windows\win.ini [356] O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 25/05/2014 - 20:02:46 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576] ~ Files: 22 Legitimates Filtered in 01mn 14s ---\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{5d642337-0ee6-11de-9385-001f3c80edf0}\AutoRun\command. (...) -- D:\fooool.exe (.not file.) O51 - MPSK:{872a0879-1f1c-11df-99b5-001f3c80edf0}\AutoRun\command - Clé orpheline O51 - MPSK:{c83854d4-a683-11e0-b3ea-00a0c6000000}\AutoRun\command. (...) -- D:\SFR_Setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 15 Legitimates Filtered in 00mn 00s ---\ Liste des pilotes du système (SDL) (O58) O58 - SDL:21/01/2008 - 3:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584] O58 - SDL:2/06/2008 - 14:19:12 ---A- . (.PCTools Research Pty Ltd. - File Security Device Driver.) -- C:\Windows\System32\Drivers\ikfilesec.sys [42376] O58 - SDL:2/06/2008 - 14:19:16 ---A- . (.PCTools Research Pty Ltd. - System Filter Device Driver.) -- C:\Windows\System32\Drivers\iksysflt.sys [66952] O58 - SDL:10/06/2008 - 20:22:52 ---A- . (.PCTools Research Pty Ltd. - System Security Device Driver.) -- C:\Windows\System32\Drivers\iksyssec.sys [81288] O58 - SDL:2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944] O58 - SDL:2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944] O58 - SDL:2/06/2008 - 14:19:24 ---A- . (.PCTools Research Pty Ltd. - Pas de description.) -- C:\Windows\System32\Drivers\kcom.sys [29576] O58 - SDL:14/04/2010 - 13:28:00 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [9216] O58 - SDL:13/12/2013 - 15:03:37 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520] O58 - SDL:21/01/2008 - 3:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648] O58 - SDL:2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408] O58 - SDL:21/01/2008 - 3:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816] O58 - SDL:22/05/2014 - 17:18:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt.sys [55232] =>PUP.LinkiDoo O58 - SDL:2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 97 Legitimates Filtered in 00mn 04s ---\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7} ~ ADS: Scanned in 00mn 00s ---\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 22/05/2014 - C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt.sys ({c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gt) .(.StdLib - StdLib.) - LEGACY_{C486BC7A-4F2C-4A8B-AC38-4952F70809B9}GT =>PUP.LinkiDoo ~ Legacy: 80 Legitimates Filtered in 00mn 00s ---\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 13 Legitimates Filtered in 00mn 00s ---\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\CHRISTINE\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {7919E5DA-A2C9-4747-9302-8DF0834E07C3} - (Live Search) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {A4E17D0F-BD57-4F4E-BB83-265CD3D0188A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {F4828874-BDD4-4E60-879C-3D22CC5A4540} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.55A2FAB6BE5C9E2505CE80BF0EDF5D50] [SPRF][11/11/2010] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.5A3F0CEA4ED507AD530166099C8DDD1B] [SPRF][26/09/2009] (...) -- C:\Users\CHRISTINE\AppData\Roaming\wklnhst.dat [112] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.F95352C3C346D3FC97A0EE9BB9A836EC] [WIS][9/03/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\1531fe.msi [809472] =>Adware.Bandoo ~ WIS: 1 Legitimates Filtered in 00mn 07s ---\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira [HKCR\CLSID\{DF521630-EB03-9984-BAFD-0E502341A6FD}] (BlockAndSurf) =>PUP.BlockAndSurf ~ BCK: 6244 Legitimates Filtered in 00mn 29s ---\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 8/01/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 8/01/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 26/01/2007 75952 | (ICScsiSV) . (.Sony Corporation.) - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe SS - | Demand 26/01/2007 67760 | (IcVzMonLauncher) . (.Sony Corporation.) - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe SS - | Demand 26/01/2007 43184 | (Image Converter video recording monitor for VAIO Entertainment) . (.Sony Corporation.) - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe SS - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Demand 5/02/2007 112184 | (SonicStage Back-End Service) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe SS - | Demand 5/02/2007 75320 | (SSScsiSV) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 20/04/2010 1872320 | (a2free) . (.Emsi Software GmbH.) - C:\Program Files\a-squared Free\a2service.exe SR - | Auto 5/10/2006 9216 | (AgereModemAudio) . (.Agere Systems.) - C:\Windows\system32\agrsmsvc.exe SR - | Auto 14/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 14/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 14/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe SR - | Auto 13/02/2014 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask SR - | Auto 25/12/2007 40960 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe SR - | Auto 21/01/2008 83312 | (TNaviSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe SR - | Auto 21/11/2007 129632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe SR - | Auto 17/01/2008 431456 | (TosCoSrv) . (.TOSHIBA Corporation.) - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe SR - | Auto 3/12/2007 126976 | (TOSHIBA SMART Log Service) . (.TOSHIBA Corporation.) - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe SR - | Auto 23/08/2006 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 31s ---\ Scan Additionnel (O88) Database Version : 13029 - (24/05/2014) Clés trouvées (Keys found) : 6 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 6 [HKLM\Software\Google\Chrome\Extensions\mndjnmbcpincgombkciokepgfnhjhada] =>PUP.BlockAndSurf^ [HKLM\Software\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm] =>Toolbar.Avira^ [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\4BBF6702-1F9C-E652-8381-159FA2F38585] =>PUP.BlockAndSurf^ [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^ C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndjnmbcpincgombkciokepgfnhjhada =>PUP.BlockAndSurf^ C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm =>Toolbar.Avira^ C:\Program Files\AskPartnerNetwork =>Toolbar.Ask C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask C:\Users\CHRISTINE\AppData\Local\AskPartnerNetwork =>Toolbar.Ask C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^ C:\Users\CHRISTINE\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^ C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^ C:\Windows\Installer\1531fe.msi =>Adware.Bandoo^ [HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^ [HKCR\CLSID\{DF521630-EB03-9984-BAFD-0E502341A6FD}] (BlockAndSurf) =>PUP.BlockAndSurf^ ~ Additionnel Scan: 318108 Items scanned in 01mn 42s ---\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo ~ MSI: 3 link(s) detected in 00mn 00s ~ 1074 Legitimates filtered by white list End of the scan (610 lines in 06mn 16s)(0) Merci d'avance pour votre aide! Configuration: Windows Vista / Chrome 35.0.1916.114

Malekal_morte- · Answer

Salut,

Suis la procédure suivante : https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Fournis les rapports AdwCleaner et OTL via le site pjjoint comme cela est demandé.

Malekal_morte- · Answer

Faut envoyer OTL sur pjjoint..

Malekal_morte- · Answer

Relance OTL. 
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:  

:OTL
CHR - Extension: BlockAndSurf = C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndjnmbcpincgombkciokepgfnhjhada\1.170.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Extensions
ikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ 
O2 - BHO: (BlockAndSurf) - {DF521630-EB03-9984-BAFD-0E502341A6FD} - C:\Program Files\BlockAndSurf-soft\170.dll File not found 
:files
C:\Users\CHRISTINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndjnmbcpincgombkciokepgfnhjhada\

* poste le rapport ici 

Redémarre l'ordinateur 
 

Tu devrais désinstaller a-squared Fre, Spybot, Ask et Antivir et mettre Avast! à la place.

Fenêtres Publicitaires Intempestives

3 réponses

Discussions similaires