Unwanted ads and a slow computer

Solved/Closed
tatassam - 28 Sept. 2014 at 18:10
Malekal_morte - Posts: 180304, Registered: Wednesday 17 May 2006, Status: Moderator, Security contributor, Last active: 15 December 2020 - 28 Sept. 2014 at 22:19
Hello,

For the past few days my computer has been slow, and as soon as I go on the internet, pages of ads pop up en masse.

How can I remove them before I go crazy...

Thanks in advance

OTL logfile created on: 27/09/2014 15:45:06 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,30% Memory free
5,50 Gb Paging File | 3,89 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,00 Gb Total Space | 75,83 Gb Free Space | 33,56% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 225,90 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: LEMIEN | User Name: samia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/09/27 09:54:37 | 000,364,448 | ---- | M] (Corporate Inc) -- C:\Program Files (x86)\winservice86\5b2b12d8-1095-4139-85dc-c2a62af9e201.exe
PRC - [2014/09/22 07:58:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samia\Downloads\OTL (1).exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/24 21:11:14 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/31 12:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:[b]64bit:[/b] - [2014/08/19 00:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:[b]64bit:[/b] - [2009/07/14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:[b]64bit:[/b] - [2009/04/19 17:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:[b]64bit:[/b] - [2009/04/19 17:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2014/09/23 21:30:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/10 12:04:00 | 000,036,936 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/09/02 11:08:12 | 002,998,232 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/24 21:11:14 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/03 16:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/19 12:51:48 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/18 18:53:38 | 000,625,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/03/31 12:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011/03/31 12:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/01/07 04:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:[b]64bit:[/b] - [2013/08/29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/06/27 16:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012/02/24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2011/09/09 15:45:30 | 001,660,480 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2009/11/12 06:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009/04/30 07:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/09/18 17:02:02 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&ctid=CT3317919&octid=EB_ORIGINAL_CTID&ISID=MD24E1E5C-2507-432B-A402-38AAB1EAE428&SearchSource=58&CUI=&UM=6&UP=SPAB4EF309-C492-4595-9002-426454866813&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56847


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\samia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/08/01 19:18:19 | 000,000,000 | ---D | M]

[2013/04/02 20:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/04/07 17:22:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (winservice86) - {11111111-1111-1111-1111-110611471155} - C:\Program Files (x86)\winservice86\winservice86-bho64.dll (Corporate Inc)
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (winservice86) - {11111111-1111-1111-1111-110611471155} - C:\Program Files (x86)\winservice86\winservice86-bho.dll (Corporate Inc)
O2 - BHO: (Deeal) - {70C53538-9F82-42BC-A327-74F7A46E700C} - C:\Program Files (x86)\Deeal\ScriptHost.dll (Deeal)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - Startup: C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23F56DAB-BD94-4BA5-8EF0-824625EE5DD8}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44ABBA83-3FD7-427F-B126-F6C9C1BE5646}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F9354D-FF42-4ECB-BC97-9697156239B1}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A5B1C7-6580-42C5-BD13-B844E2D8CC03}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93191517-31F1-4BD8-A983-4125F00991C8}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD6207F3-6143-4890-9774-BF6EDFBE6C8D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BE680E-B0BE-435B-839B-C6093D0C0F02}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96676F8-03DF-428A-80D6-1BEBC25F11DF}: DhcpNameServer = 192.168.0.254
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/09/21 21:34:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/09/27 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Local\SearchProtect
[2014/09/27 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/09/27 09:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deeal
[2014/09/27 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\betadeeal
[2014/09/27 09:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/09/27 09:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/09/27 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/09/27 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/09/27 09:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winservice86
[2014/09/21 21:33:54 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/09/21 21:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/21 21:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/09/21 20:45:20 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/21 20:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/21 20:44:34 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/21 20:44:34 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/21 20:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/21 20:40:52 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/21 20:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/21 20:36:08 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\Lasaoren
[2014/09/21 20:32:01 | 000,000,000 | ---D | C] -- C:\Msc
[2014/09/21 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\WSE_Lasaoren
[2014/09/21 20:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Lasaoren
[2014/09/11 00:39:35 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 00:39:35 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 00:39:34 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 00:39:34 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 00:39:34 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 00:39:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 00:39:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 00:39:34 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 00:39:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 00:39:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/09/27 15:46:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/27 15:44:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/27 15:44:49 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/27 15:44:49 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\WSE_Lasaoren.job
[2014/09/27 13:34:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287915087-1112590265-222051093-1000UA.job
[2014/09/27 12:51:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/27 12:51:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/27 12:50:36 | 001,671,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/27 12:50:36 | 000,748,112 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/09/27 12:50:36 | 000,654,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/27 12:50:36 | 000,150,378 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/09/27 12:50:36 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 12:44:34 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user.job
[2014/09/27 12:44:21 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5.job
[2014/09/27 12:44:15 | 000,004,142 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11.job
[2014/09/27 12:44:15 | 000,003,452 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4.job
[2014/09/27 12:44:13 | 000,000,612 | ---- | M] () -- C:\Windows\tasks\a9fe941d-c684-4609-b5e9-f8777761a013.job
[2014/09/27 12:44:12 | 000,002,750 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1.job
[2014/09/27 12:44:12 | 000,002,092 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2.job
[2014/09/27 12:44:10 | 000,001,422 | ---- | M] () -- C:\Windows\tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201.job
[2014/09/27 12:43:21 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/27 09:58:23 | 000,667,648 | ---- | M] () -- C:\Users\samia\AppData\Roaming\~iqomshf.exe
[2014/09/27 09:56:49 | 000,001,101 | ---- | M] () -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/09/26 22:48:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287915087-1112590265-222051093-1000Core.job
[2014/09/23 21:30:10 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/23 21:30:10 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/21 21:34:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/09/21 20:31:02 | 000,001,074 | ---- | M] () -- C:\Users\samia\Desktop\Internet Explorer.lnk
[2014/09/11 00:38:17 | 001,645,340 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/31 13:07:22 | 000,267,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/30 14:58:42 | 000,006,842 | ---- | M] () -- C:\Users\samia\Desktop\imagesOP2MNC7M.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/09/27 09:58:22 | 000,667,648 | ---- | C] () -- C:\Users\samia\AppData\Roaming\~iqomshf.exe
[2014/09/27 09:56:49 | 000,001,101 | ---- | C] () -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/09/27 09:54:43 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user.job
[2014/09/27 09:54:42 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5.job
[2014/09/27 09:54:37 | 000,001,422 | ---- | C] () -- C:\Windows\tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201.job
[2014/09/27 09:54:29 | 000,002,092 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2.job
[2014/09/27 09:54:21 | 000,002,750 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1.job
[2014/09/27 09:54:17 | 000,003,452 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4.job
[2014/09/27 09:54:13 | 000,000,612 | ---- | C] () -- C:\Windows\tasks\a9fe941d-c684-4609-b5e9-f8777761a013.job
[2014/09/27 09:54:09 | 000,004,142 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11.job
[2014/09/21 21:34:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/09/21 20:31:17 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\WSE_Lasaoren.job
[2014/08/30 15:00:24 | 000,006,842 | ---- | C] () -- C:\Users\samia\Desktop\imagesOP2MNC7M.jpg
[2014/06/12 18:09:32 | 000,431,104 | ---- | C] () -- C:\ProgramData\uninstall_Deeal.exe
[2013/12/06 22:01:55 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2013/12/06 22:01:54 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2013/07/12 14:15:18 | 000,000,693 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/20 21:15:06 | 000,112,640 | ---- | C] () -- C:\Users\samia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/10 18:59:43 | 001,645,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/27 02:35:25 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 16 bytes -> C:\Users\samia\Downloads:Shareaza.GUID
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373E1720

< End of report >





Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 28/09/2014
Heure de l'examen: 17:52:42
Fichier journal: t.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.09.22.01
Base de données Rootkits: v2014.09.19.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: samia

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 482221
Temps écoulé: 17 min, 20 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Avertir
PUM: Activé(e)

Processus: 2
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\5b2b12d8-1095-4139-85dc-c2a62af9e201.exe, 3752, , [95148e62007b5dd926f512af5ca552ae]
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bg.exe, 1748, , [317844ac4734cf6731eab60b0af77b85]

Modules: 1
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bho.dll, , [5c4dd917b5c69a9c77a44e733bc6d828],

Clés du Registre: 38

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 5
Rogue.Multiple, C:\ProgramData\374311380, , [26837e72bfbc96a0c9c2379092704fb1],
PUP.Optional.BetaDeeal.A, C:\Users\samia\AppData\Roaming\betadeeal, , [8d1cd11f0a71aa8c31e15c9446bc0ef2],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.Deeal.A, C:\Program Files (x86)\Deeal, , [9415ba362952a6903b6e45bbd82b03fd],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86, , [3475df11bfbcec4a1a97ea19b84b1fe1],

Fichiers: 55

Secteurs physiques: 0
(No malicious items detected)


(end)

9 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
28 Sept. 2014 at 18:14
Hi,

You have installed adware and unwanted programs on your PC; they open advertisements and slow down the computer and the web browsers.
Here is the procedure to follow to remove them:

Start with this:

Download AdwCleaner (by Xplode) from https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= to your desktop.
On the AdwCleaner page, on the right, click the grey floppy disk with the green arrow to start the download.
Launch AdwCleaner and click [Scanner] (Scan).
The scan can take several minutes, so be patient.
Once the scan has finished, click [Nettoyer] (Clean).

Once the cleaning has finished, a report will open. Copy and paste the content of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt

0
LpZ-Soh Posts 79 Registration date Sunday 16 October 2011 Status Member Last activity 29 April 2016 11
Edited by LpZ-Soh on 28/09/2014 at 18:22
Hello,
First of all, I wouldn't use Explorer if I were you... It's royal "crap" (sorry for the word). Switch to Mozilla or Chrome if you can. Then, if you want to avoid ads, I recommend installing a small add-on (once you have changed search engine) called "Adblock Plus". Here are the links for all of that:

Mozilla: https://www.mozilla.org/en-US/firefox/all/?q=French,%20Fran%C3%A7ais
The add-on that goes with it: https://addons.mozilla.org/fr/firefox/addon/adblock-plus/

There you go, with that you won't get ads anywhere anymore! Not even before a YouTube video ;)
Have a good evening!

Always here to help!
Regards, LpZ-Soh
0
LpZ-Soh Posts 79 Registration date Sunday 16 October 2011 Status Member Last activity 29 April 2016 11
28 Sept. 2014 at 18:22
I hadn't seen that you had Firefox :D my mistake!
0
Report attached

# AdwCleaner v3.310 - Rapport créé le 28/09/2014 à 18:19:45
# Mis à jour le 12/09/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : samia - LEMIEN
# Exécuté depuis : C:\Users\samia\Downloads\adwcleaner_3.310 (1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\374311380
Dossier Supprimé : C:\Program Files (x86)\Deeal
Dossier Supprimé : C:\Program Files (x86)\SearchProtect
Dossier Supprimé : C:\Program Files (x86)\winservice86
Dossier Supprimé : C:\Users\samia\AppData\Roaming\betadeeal
Fichier Supprimé : C:\ProgramData\uninstall_Deeal.exe

***** [ Tâches planifiées ] *****

Tâche Supprimée : LaunchSignup
Tâche Supprimée : 5b2b12d8-1095-4139-85dc-c2a62af9e201
Tâche Supprimée : a9fe941d-c684-4609-b5e9-f8777761a013
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-1
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-11
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-2
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-4
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-5
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-5_user

***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v

*************************

AdwCleaner[R3].txt - [61535 octets] - [21/09/2014 20:39:02]
AdwCleaner[R4].txt - [861 octets] - [21/09/2014 20:57:09]
AdwCleaner[R5].txt - [979 octets] - [22/09/2014 07:57:02]
AdwCleaner[R6].txt - [5770 octets] - [28/09/2014 18:17:11]
AdwCleaner[S3].txt - [61720 octets] - [21/09/2014 20:46:19]
AdwCleaner[S4].txt - [921 octets] - [21/09/2014 21:00:49]
AdwCleaner[S5].txt - [5417 octets] - [28/09/2014 18:19:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [5477 octets] ##########
0
Malekal_morte - 28 Sep. 2014 at 18:27
Reset the web browsers:
* Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=

Run another OTL scan and post the report via the site http://pjjoint.malekal.com
0

I use neither Firefox nor Google Chrome, but Internet Explorer...
0
Malekal_morte - 28 Sep. 2014 at 18:38
OK, move on to OTL then :)
0
Malekal_morte - 28 Sep. 2014 at 19:14
The report is to be provided via pjjoint.
0
Done
0
Malekal_morte - 28 Sep. 2014 at 20:54
You need to post the link here.
0
Oops
http://pjjoint.malekal.com/files.php?id=20140928_d15g9j12x5j9
0
Malekal_morte - 28 Sep. 2014 at 21:25
Uninstall Driver Manager.

Run OTL again.
* Under Personnalisation (Custom Scan), copy and paste the content below (make sure to include :OTL at the start).
* Click Correction (Fix); a report will appear. Copy and paste its contents here:

:OTL
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
:files
C:\Program Files (x86)\Driver Manager\

* Post the report here

Restart the computer

0
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Manager not found.
File C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe not found.
========== FILES ==========
Folder C:\Program Files (x86)\Driver Manager not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09282014_213146
0
Thanks, because it seems to be working perfectly...
0
Malekal_morte - 28 Sep. 2014 at 22:19
:)

Some advice:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.

To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=

So that you don't get caught out again.
Worth reading - Parasitic programs / PUPs: https://www.malekal.com/adwares-pup-protection/

0