Unwanted ads and a slow computer

[Solved/Closed]
Hello,

For the past few days my computer has been slow, and as soon as I go on the internet, advertising pages come flooding in.

How can I remove them before I go crazy...

Thanks in advance

OTL logfile created on: 27/09/2014 15:45:06 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\samia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,30% Memory free
5,50 Gb Paging File | 3,89 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,00 Gb Total Space | 75,83 Gb Free Space | 33,56% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 225,90 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: LEMIEN | User Name: samia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/09/27 09:54:37 | 000,364,448 | ---- | M] (Corporate Inc) -- C:\Program Files (x86)\winservice86\5b2b12d8-1095-4139-85dc-c2a62af9e201.exe
PRC - [2014/09/22 07:58:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samia\Downloads\OTL (1).exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/24 21:11:14 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/31 12:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:[b]64bit:[/b] - [2014/08/19 00:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:[b]64bit:[/b] - [2009/07/14 03:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:[b]64bit:[/b] - [2009/04/19 17:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:[b]64bit:[/b] - [2009/04/19 17:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2014/09/23 21:30:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/10 12:04:00 | 000,036,936 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/09/02 11:08:12 | 002,998,232 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/24 21:11:14 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/03 16:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/19 12:51:48 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/18 18:53:38 | 000,625,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2011/03/31 12:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011/03/31 12:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/01/07 04:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:[b]64bit:[/b] - [2013/08/29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/06/27 16:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2012/06/11 15:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012/02/24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2011/09/09 15:45:30 | 001,660,480 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011/06/02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2009/11/12 06:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009/04/30 07:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/09/18 17:02:02 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&ctid=CT3317919&octid=EB_ORIGINAL_CTID&ISID=MD24E1E5C-2507-432B-A402-38AAB1EAE428&SearchSource=58&CUI=&UM=6&UP=SPAB4EF309-C492-4595-9002-426454866813&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56847


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\samia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/08/01 19:18:19 | 000,000,000 | ---D | M]

[2013/04/02 20:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/04/07 17:22:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (winservice86) - {11111111-1111-1111-1111-110611471155} - C:\Program Files (x86)\winservice86\winservice86-bho64.dll (Corporate Inc)
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (winservice86) - {11111111-1111-1111-1111-110611471155} - C:\Program Files (x86)\winservice86\winservice86-bho.dll (Corporate Inc)
O2 - BHO: (Deeal) - {70C53538-9F82-42BC-A327-74F7A46E700C} - C:\Program Files (x86)\Deeal\ScriptHost.dll (Deeal)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - Startup: C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23F56DAB-BD94-4BA5-8EF0-824625EE5DD8}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44ABBA83-3FD7-427F-B126-F6C9C1BE5646}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F9354D-FF42-4ECB-BC97-9697156239B1}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A5B1C7-6580-42C5-BD13-B844E2D8CC03}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93191517-31F1-4BD8-A983-4125F00991C8}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD6207F3-6143-4890-9774-BF6EDFBE6C8D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BE680E-B0BE-435B-839B-C6093D0C0F02}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F96676F8-03DF-428A-80D6-1BEBC25F11DF}: DhcpNameServer = 192.168.0.254
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/09/21 21:34:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/09/27 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Local\SearchProtect
[2014/09/27 09:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/09/27 09:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deeal
[2014/09/27 09:58:26 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\betadeeal
[2014/09/27 09:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/09/27 09:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/09/27 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/09/27 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/09/27 09:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winservice86
[2014/09/21 21:33:54 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/09/21 21:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/21 21:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/09/21 20:45:20 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/21 20:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/21 20:44:34 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/21 20:44:34 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/21 20:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/21 20:40:52 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/21 20:39:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/21 20:36:08 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\Lasaoren
[2014/09/21 20:32:01 | 000,000,000 | ---D | C] -- C:\Msc
[2014/09/21 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\samia\AppData\Roaming\WSE_Lasaoren
[2014/09/21 20:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSE_Lasaoren
[2014/09/11 00:39:35 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 00:39:35 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 00:39:34 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 00:39:34 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 00:39:34 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 00:39:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 00:39:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 00:39:34 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 00:39:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 00:39:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 00:39:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 00:39:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 00:39:33 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 00:39:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 00:39:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 00:39:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 00:39:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 00:39:32 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 00:39:32 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 00:39:32 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 00:39:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 00:39:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 00:39:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 00:39:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 00:39:31 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 00:39:31 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 00:39:31 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 00:39:31 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 00:39:31 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 00:39:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 00:39:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 00:39:30 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 00:39:28 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 00:39:27 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 00:39:27 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 00:31:06 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 00:31:06 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/10 21:36:58 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 21:36:58 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 21:36:42 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 21:36:15 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/08/30 11:41:24 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/09/27 15:46:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/27 15:44:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/27 15:44:49 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/27 15:44:49 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\WSE_Lasaoren.job
[2014/09/27 13:34:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287915087-1112590265-222051093-1000UA.job
[2014/09/27 12:51:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/27 12:51:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/27 12:50:36 | 001,671,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/27 12:50:36 | 000,748,112 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/09/27 12:50:36 | 000,654,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/27 12:50:36 | 000,150,378 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/09/27 12:50:36 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 12:44:34 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user.job
[2014/09/27 12:44:21 | 000,002,428 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5.job
[2014/09/27 12:44:15 | 000,004,142 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11.job
[2014/09/27 12:44:15 | 000,003,452 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4.job
[2014/09/27 12:44:13 | 000,000,612 | ---- | M] () -- C:\Windows\tasks\a9fe941d-c684-4609-b5e9-f8777761a013.job
[2014/09/27 12:44:12 | 000,002,750 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1.job
[2014/09/27 12:44:12 | 000,002,092 | ---- | M] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2.job
[2014/09/27 12:44:10 | 000,001,422 | ---- | M] () -- C:\Windows\tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201.job
[2014/09/27 12:43:21 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/27 09:58:23 | 000,667,648 | ---- | M] () -- C:\Users\samia\AppData\Roaming\~iqomshf.exe
[2014/09/27 09:56:49 | 000,001,101 | ---- | M] () -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/09/26 22:48:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287915087-1112590265-222051093-1000Core.job
[2014/09/23 21:30:10 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/23 21:30:10 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/21 21:34:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/09/21 20:31:02 | 000,001,074 | ---- | M] () -- C:\Users\samia\Desktop\Internet Explorer.lnk
[2014/09/11 00:38:17 | 001,645,340 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/31 13:07:22 | 000,267,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/30 14:58:42 | 000,006,842 | ---- | M] () -- C:\Users\samia\Desktop\imagesOP2MNC7M.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/09/27 09:58:22 | 000,667,648 | ---- | C] () -- C:\Users\samia\AppData\Roaming\~iqomshf.exe
[2014/09/27 09:56:49 | 000,001,101 | ---- | C] () -- C:\Users\samia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/09/27 09:54:43 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user.job
[2014/09/27 09:54:42 | 000,002,428 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5.job
[2014/09/27 09:54:37 | 000,001,422 | ---- | C] () -- C:\Windows\tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201.job
[2014/09/27 09:54:29 | 000,002,092 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2.job
[2014/09/27 09:54:21 | 000,002,750 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1.job
[2014/09/27 09:54:17 | 000,003,452 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4.job
[2014/09/27 09:54:13 | 000,000,612 | ---- | C] () -- C:\Windows\tasks\a9fe941d-c684-4609-b5e9-f8777761a013.job
[2014/09/27 09:54:09 | 000,004,142 | ---- | C] () -- C:\Windows\tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11.job
[2014/09/21 21:34:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/09/21 20:31:17 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\WSE_Lasaoren.job
[2014/08/30 15:00:24 | 000,006,842 | ---- | C] () -- C:\Users\samia\Desktop\imagesOP2MNC7M.jpg
[2014/06/12 18:09:32 | 000,431,104 | ---- | C] () -- C:\ProgramData\uninstall_Deeal.exe
[2013/12/06 22:01:55 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2013/12/06 22:01:54 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2013/07/12 14:15:18 | 000,000,693 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/20 21:15:06 | 000,112,640 | ---- | C] () -- C:\Users\samia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/10 18:59:43 | 001,645,340 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/27 02:35:25 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 16 bytes -> C:\Users\samia\Downloads:Shareaza.GUID
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373E1720

< End of report >





Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 28/09/2014
Heure de l'examen: 17:52:42
Fichier journal: t.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.09.22.01
Base de données Rootkits: v2014.09.19.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: samia

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 482221
Temps écoulé: 17 min, 20 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Avertir
PUM: Activé(e)

Processus: 2
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\5b2b12d8-1095-4139-85dc-c2a62af9e201.exe, 3752, , [95148e62007b5dd926f512af5ca552ae]
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bg.exe, 1748, , [317844ac4734cf6731eab60b0af77b85]

Modules: 1
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bho.dll, , [5c4dd917b5c69a9c77a44e733bc6d828],

Clés du Registre: 38
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644474455}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655475555}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666476655}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655475555}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666476655}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644474455}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.BHO.1, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.BHO, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.BHO, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.BHO.1, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622472255}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.Sandbox.1, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.Sandbox, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.Sandbox, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\583e31c01eeb0132f0d1712b8d7ccf2e0064755.Sandbox.1, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622472255}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611471155}\INPROCSERVER32, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110611471155}, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [802989672b50df5788f7aedcae54ef11],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [802989672b50df5788f7aedcae54ef11],
PUP.Optional.Deeal.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{70C53538-9F82-42BC-A327-74F7A46E700C}, , [fdacba36512afd39ed1261279f63ef11],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\17638, , [a3062bc51566b0866878da53bc4711ef],
PUP.Optional.SmarterPower.A, HKLM\SOFTWARE\WOW6432NODE\SmarterPower, , [a6031dd35526f1454a2b090232d114ec],
PUP.Optional.WinService86.A, HKLM\SOFTWARE\WOW6432NODE\winservice86, , [cfda27c97efde0565c739f65ab5856aa],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\17638, , [e4c5bd33f08bc5712bb558d53cc7f20e],
PUP.Optional.HDTotal.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.2, , [8623569ad0ab0d29670c4f1b70948a76],
PUP.Optional.WinService86.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\winservice86, , [68413fb1cab12d095081ea1a8182fa06],
PUP.Optional.Lasaoren.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Lasaoren, , [e2c7f5fb2259de5801b92f469d67ec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [b9f07977fd7efe38636ed193ce36ae52],
PUP.Optional.WinService86.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\winservice86, , [01a897591a61979f5a77e02457ac966a],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3287915087-1112590265-222051093-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [4366be326d0edc5a860b3fd7d62de21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [3673ef01f08bce68a1a4c42ded15f40c],

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 5
Rogue.Multiple, C:\ProgramData\374311380, , [26837e72bfbc96a0c9c2379092704fb1],
PUP.Optional.BetaDeeal.A, C:\Users\samia\AppData\Roaming\betadeeal, , [8d1cd11f0a71aa8c31e15c9446bc0ef2],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.Deeal.A, C:\Program Files (x86)\Deeal, , [9415ba362952a6903b6e45bbd82b03fd],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86, , [3475df11bfbcec4a1a97ea19b84b1fe1],

Fichiers: 55
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\5b2b12d8-1095-4139-85dc-c2a62af9e201.exe, , [95148e62007b5dd926f512af5ca552ae],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bg.exe, , [317844ac4734cf6731eab60b0af77b85],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bho.dll, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-bho64.dll, , [5c4dd917b5c69a9c77a44e733bc6d828],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6-11.exe, , [4b5ed020611a91a5c15a3a87c53ce020],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6-2.exe, , [4f5af7f935461c1a0b10b70a9a6747b9],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6-4.exe, , [0f9a43ad69128ea81506259c2bd6e41c],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6-5.exe, , [c9e006ea4437de5870ab1aa7c0414db3],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\winservice86\utils.exe, , [beebad43c9b2a2943dd282d3748c9868],
PUP.Optional.WinService.A, C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe, , [d7d236bae794ec4abd5e616038c925db],
PUP.Optional.Conduit.A, C:\Users\samia\AppData\Local\Temp\nsw300.exe, , [4d5c14dc710a48ee82a9484baa5720e0],
PUP.Optional.CrossRider.A, C:\Users\samia\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [87223bb53645e74f050a183d34cca15f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1, , [7336b23e116a6fc71d99e13104ff837d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11, , [1f8acd235f1c2f071b9bde34b152c937],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2, , [1792539dc2b9a591aa0cf51d7a89649c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4, , [8920cc24334871c5b006e42e51b2aa56],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5, , [f6b36a865823b581bdf9ed2512f10df3],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user, , [decbfaf6cab17abc793d0210d82bf808],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-1.job, , [82274ca483f895a195a5670a90748779],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-11.job, , [2d7cf4fc235884b2c476ed8445bf15eb],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-2.job, , [f5b4668a26550036c179cea3c143a858],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-4.job, , [edbcb43ce89347ef92a86a0762a21ee2],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5.job, , [1099aa4666157eb87bbf90e13ec6f30d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\add8694a-ef80-460c-980f-6bd173cfb4a6-5_user.job, , [416858983c3f41f5d466b8b9a85c4ab6],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201.job, , [0b9e34bcdba03ff77e42096a996bc33d],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\a9fe941d-c684-4609-b5e9-f8777761a013.job, , [7732df113f3c9a9c16aa591a8183b14f],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5b2b12d8-1095-4139-85dc-c2a62af9e201, , [8a1f70807209d264942dbcb7c63e32ce],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\a9fe941d-c684-4609-b5e9-f8777761a013, , [4a5f29c77b008da9507178fb7c8851af],
Rogue.Multiple, C:\ProgramData\374311380\BIT11AC.tmp, , [26837e72bfbc96a0c9c2379092704fb1],
PUP.Optional.BetaDeeal.A, C:\Users\samia\AppData\Roaming\betadeeal\current_conf.ini, , [8d1cd11f0a71aa8c31e15c9446bc0ef2],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\GoogleCrashHandler.exe, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\GoogleUpdate.exe, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\GoogleUpdateBroker.exe, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\GoogleUpdateHelper.msi, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\GoogleUpdateOnDemand.exe, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\goopdate.dll, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\goopdateres_en.dll, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\npGoogleUpdate4.dll, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\psmachine.dll, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\samia\AppData\Local\Temp\comh.303564\psuser.dll, , [3673ef01f08bce68a1a4c42ded15f40c],
PUP.Optional.Deeal.A, C:\Program Files (x86)\Deeal\ScriptHost.dll, , [9415ba362952a6903b6e45bbd82b03fd],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\Interop.IWshRuntimeLibrary.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\1293297481.mxaddon, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\746d8fc9-c88a-4b0f-8c4b-210faa8ee596.crx, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\a9fe941d-c684-4609-b5e9-f8777761a013.exe, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6.crx, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\add8694a-ef80-460c-980f-6bd173cfb4a6.xpi, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\background.html, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\Newtonsoft.Json.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\SuperSocket.ClientEngine.Common.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\SuperSocket.ClientEngine.Core.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\SuperSocket.ClientEngine.Protocol.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\Uninstall.exe, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\WebSocket4Net.dll, , [3475df11bfbcec4a1a97ea19b84b1fe1],
PUP.Optional.WinService86.A, C:\Program Files (x86)\winservice86\winservice86.ico, , [3475df11bfbcec4a1a97ea19b84b1fe1],

Secteurs physiques: 0
(No malicious items detected)


(end)

9 replies

Posts: 180254 | Registration date: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 26 March 2021 | 24 208
Hi,

You have installed adware and unwanted programs on your PC that open advertisements and slow down the computer and the web browsers.
Here is the procedure to follow to remove them:

Start with this:

Download AdwCleaner (by Xplode) to your desktop: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
On the AdwCleaner page, on the right, click the grey floppy disk with the green arrow to start the download.
Launch AdwCleaner and click [Scanner].
The scan can take several minutes; be patient.
Once the scan is finished, click [Nettoyer].

Once the cleaning is finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt

Posts: 79 | Registration date: Sunday 16 October 2011 | Status: Member | Last activity: 29 April 2016 | 10
Hello,
First of all, I wouldn't use Explorer if I were you... It's royal "crap" (sorry for the word). Maybe switch to Mozilla or Chrome. Then, if you want to avoid ads, I recommend installing a small add-on (after you have changed search engine) called "Adblock Plus". Here are the links for all of that:

Mozilla: https://www.mozilla.org/en-US/firefox/all/?q=French,%20Fran%C3%A7ais
The add-on that goes with it: https://addons.mozilla.org/fr/firefox/addon/adblock-plus/

There, with that you won't have ads anywhere any more! Even before a YouTube video ;)
Have a good evening!

Always here to serve you!
Regards, LpZ-Soh
Posts: 79 | Registration date: Sunday 16 October 2011 | Status: Member | Last activity: 29 April 2016 | 10
I hadn't seen that you had Firefox :D my mistake!
The report is attached

# AdwCleaner v3.310 - Rapport créé le 28/09/2014 à 18:19:45
# Mis à jour le 12/09/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : samia - LEMIEN
# Exécuté depuis : C:\Users\samia\Downloads\adwcleaner_3.310 (1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\374311380
Dossier Supprimé : C:\Program Files (x86)\Deeal
Dossier Supprimé : C:\Program Files (x86)\SearchProtect
Dossier Supprimé : C:\Program Files (x86)\winservice86
Dossier Supprimé : C:\Users\samia\AppData\Roaming\betadeeal
Fichier Supprimé : C:\ProgramData\uninstall_Deeal.exe

***** [ Tâches planifiées ] *****

Tâche Supprimée : LaunchSignup
Tâche Supprimée : 5b2b12d8-1095-4139-85dc-c2a62af9e201
Tâche Supprimée : a9fe941d-c684-4609-b5e9-f8777761a013
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-1
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-11
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-2
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-4
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-5
Tâche Supprimée : add8694a-ef80-460c-980f-6bd173cfb4a6-5_user

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622472255}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655475555}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666476655}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644474455}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C53538-9F82-42BC-A327-74F7A46E700C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622472255}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655475555}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666476655}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Optimizer Pro
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\winservice86
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\GlobalUpdate
Clé Supprimée : HKLM\SOFTWARE\InstalledBrowserExtensions
Clé Supprimée : HKLM\SOFTWARE\winservice86
Clé Supprimée : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v

*************************

AdwCleaner[R3].txt - [61535 octets] - [21/09/2014 20:39:02]
AdwCleaner[R4].txt - [861 octets] - [21/09/2014 20:57:09]
AdwCleaner[R5].txt - [979 octets] - [22/09/2014 07:57:02]
AdwCleaner[R6].txt - [5770 octets] - [28/09/2014 18:17:11]
AdwCleaner[S3].txt - [61720 octets] - [21/09/2014 20:46:19]
AdwCleaner[S4].txt - [921 octets] - [21/09/2014 21:00:49]
AdwCleaner[S5].txt - [5417 octets] - [28/09/2014 18:19:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [5477 octets] ##########
Reset the web browsers:
* Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=

Run another OTL scan and provide the report via the site http://pjjoint.malekal.com
I don't use Firefox or Google Chrome, I use Internet Explorer...
OK, move on to OTL then :)
The report is to be provided via pjjoint.
You need to post the link here.
Oops
http://pjjoint.malekal.com/files.php?id=20140928_d15g9j12x5j9
Uninstall Driver Manager.

Run OTL again.
* Under Custom Scan (Personnalisation), copy and paste the content below (make sure to include :OTL at the start).
* Click Fix (Correction); a report will appear, copy/paste its contents here:

:OTL
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
:files
C:\Program Files (x86)\Driver Manager\

* Post the report here


Restart the computer

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Manager not found.
File C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe not found.
========== FILES ==========
Folder C:\Program Files (x86)\Driver Manager not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09282014_213146
Thank you, because it seems to be working perfectly...
:)


A few tips:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.


To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=


So that you don't get caught out again.
Recommended reading - Unwanted programs / PUPs: https://www.malekal.com/adwares-pup-protection/