I caught a virus... help me

Closed
kasperchat Posts 272 Registration date Sunday 16 November 2008 Status Member Last activity 5 April 2022 - 2 Nov 2014 at 18:49
 Anonymous user - 3 Nov 2014 at 14:25
Hello,

After a download from a well-known site... my PC is infected... can you help me with a diagnosis? Thanks



28 replies

kasperchat Posts 272 Registration date Sunday 16 November 2008 Status Member Last activity 5 April 2022 2
3 Nov 2014 at 11:53
I deleted everything from the quarantines...
but no report
0
Anonymous user
3 Nov 2014 at 11:55
Hi again

We're making progress

Post me a new ZHPDiag report
0
kasperchat Posts 272 Registration date Sunday 16 November 2008 Status Member Last activity 5 April 2022 2
3 Nov 2014 at 12:09
~ Rapport de ZHPDiag v2014.11.2.154 - Nicolas Coolman (28/10/2014)
~ Lancé par evrard- (03/11/2014 12:07:05)
~ Adresse du Site Web https://nicolascoolman.eu
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17358
GCIE: Google Chrome v37.0.2062.120 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft Security Client v4.6.0305.0
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (14%) free of 116 GB

---\\ Mode de connexion au système
~ Computer Name: EVRARD--PC
~ User Name: evrard-
~ All Users Names: HomeGroupUser$, evrard-, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\evrard-\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\evrard-\AppData\Roaming\
~ %Desktop% : C:\Users\evrard-\Desktop\
~ %Favorites% : C:\Users\evrard-\Favorites\
~ %LocalAppData% : C:\Users\evrard-\AppData\Local\
~ %StartMenu% : C:\Users\evrard-\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 116 Go)
D: Hard drive, Flash drive, Thumb drive (Free 249 Go of 330 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/09/2014 - 01:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1252
Mes musiques (My Musics) : 43/43 (Modified)
~ Mes Videos (My Videos) : 1/29
~ Mes Favoris (My Favorites) : 1/22
Mes Documents (My Documents) : 2/2 (Modified)
~ Mon Bureau (My Desktop) : 7/95
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.852EE4F61139A1B3F44EDAA0D5B3FC14] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.3004]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.3020]
[MD5.868E3486E7EC522330344152A5535783] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.3040]
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.3064]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.836]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3736]
[MD5.D36DA0A5C531353C5FF5E29242649257] - (.Boingo Wireless, Inc. - Boingo Wi-Fi.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe [365936] [PID.4228]
[MD5.6529C89512CE4498919BDC512572F82C] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656] [PID.4236]
[MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624] [PID.4244]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.4252]
[MD5.308F2EE28005510DE616409148CF077B] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.4288]
[MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4312]
[MD5.EB6628C8ED64B86496DBD784D9527E41] - (...) -- C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe [418368] [PID.4356]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.4648]
[MD5.AC08A03D7E579E2903925736E7AB48F2] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808] [PID.2092]
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3054136] [PID.4472]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4568]
[MD5.309FF45AE89E20C6E48600DF530231AC] - (.PokerStars - PokerStars GUI.) -- C:\Program Files (x86)\PokerStars.FR\PokerStars.exe [12856600] [PID.4216]
[MD5.058F2D06C66B49E7FEC21587222732ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118272] [PID.6168]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1332]
[MD5.63F1212FFE13E62CA1E8D8EE19ABD9A7] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1368]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1612]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1656]
[MD5.0FC581CCB806B957643138F2ED9377C6] - (...) -- C:\Windows\rcore.exe [4959744] [PID.1792]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2204]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2540]
[MD5.C811032EBB2C2E9FACFC364599E91BE3] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [174720] [PID.2624]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.2680]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.2704]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2884]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3560]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\evrard-\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: PC Scan & Repair by Reimage.lnk . (...) -- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe (.not file.) =>Rogue.ReimageRepair
O4 - GS\QuickLaunch [evrard-]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [evrard-]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Boingo Wi-Fi] . (...) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - AsusWebStorage.) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [CrashMon] . (...) -- C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-264416718-1721051836-252248340-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-264416718-1721051836-252248340-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-264416718-1721051836-252248340-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{071CC877-BF73-47C9-B80C-9E53D24CE1FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A394E0F-5801-4DBA-8F89-6C949E953A6C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{60F3515B-2BE3-4F96-B78A-068C07CA1826}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{071CC877-BF73-47C9-B80C-9E53D24CE1FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A394E0F-5801-4DBA-8F89-6C949E953A6C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{60F3515B-2BE3-4F96-B78A-068C07CA1826}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{071CC877-BF73-47C9-B80C-9E53D24CE1FB}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A394E0F-5801-4DBA-8F89-6C949E953A6C}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{60F3515B-2BE3-4F96-B78A-068C07CA1826}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: FastPlayer Updater Service (FastPlayerUpdaterService) . (.Pas de propriétaire - FastPlayerUpdaterService.) - C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe =>Adware.IncrediBar
O23 - Service: rcores (rcores) . (...) - C:\Windows\rcore.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (...) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (.not file.) =>Rogue.ReimageRepair
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [ReimageUpdater] (...) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (.not file.) [0] =>Rogue.ReimageRepair
[MD5.00000000000000000000000000000000] [APT] [{CBA42A1F-11E4-4B11-9BFF-D1C74DF32539}] (...) -- C:\Users\evrard-\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (b786bdb3c67d) . (. - .) - C:\Windows\System32\drivers\b786bdb3c67d.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: EuroPoker 1.0.0 - (.Europoker.fr.) [HKLM][64Bits] -- EuroPoker_is1
O42 - Logiciel: FastPlayer - (...) [HKLM][64Bits] -- FastPlayer
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\45918InstEnd]
[HKCU\Software\Cores]
[HKCU\Software\FAAOU]
[HKCU\Software\GWNXZKH]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\GoldenGate]
[HKCU\Software\IE Tab]
[HKCU\Software\ISRYT]
[HKCU\Software\KEHI]
[HKCU\Software\OZBNK]
[HKCU\Software\PRWDPYCK]
[HKCU\Software\ROZGPG]
[HKCU\Software\RVOYAI]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\TRPH]
[HKCU\Software\VXPL]
[HKCU\Software\test]
[HKLM\Software\ClickMovie1-Downloaderv10-nv]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Wow6432Node\1b0f90ab-38b0-4403-9ee4-6ddbd72d89bf]
[HKLM\Software\Wow6432Node\6e2b4be1-666d-4446-b14a-872e44c655b4]
[HKLM\Software\Wow6432Node\845d899f-ff35-4249-9cc7-f319acb0de8d]
[HKLM\Software\Wow6432Node\ClickMovie1-Downloaderv10-nv]
[HKLM\Software\Wow6432Node\DownloaderAssistant]
[HKLM\Software\Wow6432Node\Universal]
[HKLM\Software\Wow6432Node\c0200817-fcbf-44b5-8354-90aea78c0b23]
[HKLM\Software\Wow6432Node\dac3afec-0809-4f3e-afee-c2fbe4a8eb83]
~ Key Software: 270 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/11/2014 - 17:56:58 - [] ----D C:\Program Files (x86)\0ca45c95134d
O43 - CFD: 02/11/2014 - 17:59:29 - [] ----D C:\Program Files (x86)\FastPlayer
O43 - CFD: 02/11/2014 - 18:23:23 - [] ----D C:\Program Files (x86)\HQ-Video-Pro-2.1V02.11 =>PUP.CrossRider
O43 - CFD: 23/09/2014 - 15:29:24 - [] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 02/11/2014 - 18:28:48 - [] ----D C:\Program Files (x86)\Reimageplus.com =>Rogue.ReimageRepair
O43 - CFD: 02/11/2014 - 18:28:43 - [] ----D C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair
O43 - CFD: 24/01/2014 - 11:58:15 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 28/08/2014 - 17:15:17 - [] ----D C:\Users\evrard-\AppData\Roaming\GGEmpire441
O43 - CFD: 29/08/2014 - 09:15:13 - [] --H-D C:\Users\evrard-\AppData\Roaming\GoldenGate
O43 - CFD: 20/09/2014 - 13:54:32 - [0] ----D C:\Users\evrard-\AppData\Roaming\GoodGameEmpire
O43 - CFD: 17/01/2014 - 12:39:26 - [] ----D C:\Users\evrard-\AppData\Roaming\NetScop.Net
O43 - CFD: 07/01/2014 - 18:41:17 - [] ----D C:\Users\evrard-\AppData\Roaming\wam
O43 - CFD: 07/01/2014 - 18:41:18 - [] ----D C:\Users\evrard-\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 20/09/2014 - 17:18:17 - [] ----D C:\Users\evrard-\AppData\Local\com
O43 - CFD: 02/11/2014 - 17:59:42 - [] ----D C:\Users\evrard-\AppData\Local\fastplayer
O43 - CFD: 28/08/2014 - 17:15:05 - [0] ----D C:\Users\evrard-\AppData\Local\GGEmpire
O43 - CFD: 04/05/2014 - 11:06:00 - [] ----D C:\Users\evrard-\AppData\Local\IE Tab
O43 - CFD: 03/11/2014 - 10:06:11 - [] ----D C:\Users\evrard-\AppData\Local\PokerStars.FR
O43 - CFD: 20/09/2014 - 13:54:32 - [0] ----D C:\Users\evrard-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodGameEmpire
~ Program Folder: 176 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0FC581CCB806B957643138F2ED9377C6] - 01/11/2014 - 08:52:16 ---A- . (...) -- C:\Windows\rcore.exe [4959744]
O44 - LFC:[MD5.97BDCB6BED580CE91DE329456969251B] - 02/11/2014 - 18:28:44 ---A- . (...) -- C:\Windows\Reimage.ini [120] =>Rogue.ReimageRepair
O44 - LFC:[MD5.76D8A6EA3240149CA8CA381F6CCC18F8] - 02/11/2014 - 19:16:59 ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [2072]
O44 - LFC:[MD5.5F47864D6842B8D33521B9DF79B83489] - 02/11/2014 - 19:17:00 ---A- . (...) -- C:\Windows\System32\ServiceFilter.ini [1813]
O44 - LFC:[MD5.A1965DFC0CD91E7CFC42925F8F597274] - 03/11/2014 - 09:55:57 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [34808]
~ Files: 17 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F96C18D246E057C4C45A24A36B1C703C] - 02/11/2014 - 17:50:25 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-879DB870.pf =>P2P.µTorrent
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:20/08/2010 - 02:45:28 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [654720]
O58 - SDL:20/08/2010 - 02:44:48 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [943872]
O58 - SDL:15/10/2009 - 10:23:19 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [117760]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/07/2009 - 18:29:39 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:03/11/2014 - 09:55:57 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [34808]
O58 - SDL:13/12/2012 - 14:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:23/10/2013 - 13:03:38 ---A- . (.https://sourceforge.net/p/libusb-win32/wiki/Home/ - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\SysWOW64\drivers\libusb0.sys [52832]
~ Drivers: 68 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/11/2014 - 12:07:56 ---A- . (.http://www.free.fr.) -- C:\Users\evrard-\Downloads\Installation_de_FreeAngel.exe [4703585]
O61 - LFC: 02/11/2014 - 12:07:42 ---A- . (...) -- C:\Users\evrard-\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin [0]
O61 - LFC: 02/11/2014 - 12:07:54 ---A- . (.HQ-VideoV02.11.) -- C:\Users\evrard-\AppData\Roaming\FAAOU.exe [1524656]
O61 - LFC: 02/11/2014 - 12:07:54 ---A- . (.HQ-VideoV02.11.) -- C:\Users\evrard-\AppData\Roaming\KEHI.exe [2012592]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (...) -- C:\Users\evrard-\Desktop\adwcleaner_3.311.exe [1375089]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.end.) -- C:\Users\evrard-\AppData\Roaming\ROZGPG.exe [2001304]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.end.) -- C:\Users\evrard-\AppData\Roaming\VXPL.exe [1506200]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.joep.) -- C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe [2001304]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.joep.) -- C:\Users\evrard-\AppData\Roaming\TRPH.exe [1506200]
O61 - LFC: 02/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\Setup (1).exe [791000]
O61 - LFC: 02/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\Setup (2).exe [116507]
O61 - LFC: 02/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\Setup (3).exe [791000]
O61 - LFC: 02/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\Setup (4).exe [791000]
O61 - LFC: 03/11/2014 - 12:07:42 ---A- . (...) -- C:\Users\evrard-\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 03/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\FileExtractorSetup.exe [811440]
O61 - LFC: 03/11/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\RogueKiller.exe [14670424]
O61 - LFC: 28/10/2014 - 12:07:56 ---A- . (.The FlightGear Team.) -- C:\Users\evrard-\Downloads\flightgear_3-2-0_fr_198618.exe [1243171409]
O61 - LFC: 29/10/2014 - 12:07:56 ---A- . (...) -- C:\Users\evrard-\Downloads\Setup v2 1.exe [791024]
~ 3332 Fichiers temporaires (Temporary files)
~ 453 Fichiers cookies (Cookies files)
~ Files: 64 Legitimates Filtered in 00mn 14s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 03/07/2009 - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASMMAP64) .(.ASUS - Memory mapping Driver.) - LEGACY_ASMMAP64
~ Legacy: 79 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {A25AC313-DD19-4238-ACA2-401D6BEE4321} - (Astromenda) - http://astromenda.com =>PUP.Astromenda
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.FF1EA6AFBBA2B6B999B2B8E6DA95E1BA] [SPRF][02/11/2014] (.HQ-VideoV02.11 - HQ-Video-Pro-2.1V02.11 exe.) -- C:\Users\evrard-\AppData\Roaming\FAAOU.exe [1524656] =>PUP.CrossRider
[MD5.714D72AB46EDC0D69EC476187F0BD974] [SPRF][02/11/2014] (.HQ-VideoV02.11 - HQ-Video-Pro-2.1V02.11 exe.) -- C:\Users\evrard-\AppData\Roaming\KEHI.exe [2012592] =>PUP.CrossRider
[MD5.9C1D530ED6608754B38F7EC786D421F9] [SPRF][02/11/2014] (.joep - TheGoPhoto.it V10 exe.) -- C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe [2001304] =>Spyware.GophotoIt
[MD5.1B6A152A299AB684FB120C93F1387F2D] [SPRF][02/11/2014] (.end - ClickMovie1-Downloaderv10 exe.) -- C:\Users\evrard-\AppData\Roaming\ROZGPG.exe [2001304]
[MD5.64D63489B18DCF8CAC826038763B3F40] [SPRF][02/11/2014] (.joep - TheGoPhoto.it V10 exe.) -- C:\Users\evrard-\AppData\Roaming\TRPH.exe [1506200] =>Spyware.GophotoIt
[MD5.D004923DB61C41DAE991C69B90B00E37] [SPRF][02/11/2014] (.end - ClickMovie1-Downloaderv10 exe.) -- C:\Users\evrard-\AppData\Roaming\VXPL.exe [1506200]
[MD5.12EFD5FA51597F188E5DB50BE20EE597] [SPRF][02/11/2014] (...) -- C:\Users\evrard-\Desktop\adwcleaner_3.311.exe [1375089]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{4B4FE88F-1C60-4B74-BEC9-05D6213D59BE}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{4F08061E-6A19-4936-82A6-0F21BBB4145F}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{40BC5124-0EC0-44D0-9B31-059DDD387C27}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{AC680990-D66B-417C-8ED7-935BA86BB215}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\evrard-\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASAPI32 =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASMANCS =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASAPI32 =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASMANCS =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASAPI32 =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASMANCS =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASAPI32 =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASMANCS =>PUP.SmarterPower
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASAPI32 =>Hijacker.Eazel
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASMANCS =>Hijacker.Eazel
~ BTK: 141 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/07/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (ReimageRealTimeProtector) . (...) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 10/11/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/09/2014 11776 | (FastPlayerUpdaterService) . (...) - C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
SR - | Demand 08/07/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 11/12/2009 392296 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/11/2014 4959744 | (rcores) . (...) - C:\Windows\rcore.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by evrard- at 03/11/2014 12:08:42
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by evrard- at 03/11/2014 12:08:44
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/10/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 8

[HKLM\SYSTEM\CurrentControlSet\Services\FastPlayerUpdaterService] =>Adware.IncrediBar^
[HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector] =>Rogue.ReimageRepair^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\HQ-Video-Pro-2.1V02.11 =>PUP.CrossRider^
C:\Program Files (x86)\Reimageplus.com =>Rogue.ReimageRepair^
C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair^
[HKCU\Software\Gameo] =>PUP.Gameo^
C:\Users\evrard-\AppData\Roaming\FAAOU.exe =>PUP.CrossRider^
C:\Users\evrard-\AppData\Roaming\KEHI.exe =>PUP.CrossRider^
C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe =>Spyware.GophotoIt^
C:\Users\evrard-\AppData\Roaming\TRPH.exe =>Spyware.GophotoIt^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
C:\Users\evrard-\AppData\Local\Temp\OBBoxore.EXE =>Adware.Boxore
~ Additionnel Scan: 303830 Items scanned in 00mn 28s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Internet Explorer Toolbars (O3)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Rogue.ReimageRepair
https://nicolascoolman.eu =>Adware.IncrediBar
https://nicolascoolman.eu =>Hijacker.WebsSearches
https://nicolascoolman.eu =>PUP.Gameo
https://nicolascoolman.eu =>PUP.CrossRider
https://nicolascoolman.eu =>PUP.Astromenda
https://nicolascoolman.eu =>PUP.CertifiedToolbar
https://nicolascoolman.eu =>Spyware.GophotoIt
https://nicolascoolman.eu =>Adware.AddLyrics
https://nicolascoolman.eu =>Adware.PlusHD
https://nicolascoolman.eu =>PUP.SmarterPower
https://nicolascoolman.eu =>PUP.Wajam
https://nicolascoolman.eu =>Hijacker.Eazel
https://nicolascoolman.eu =>Adware.Boxore
~ MSI: 14 link(s) detected in 00mn 00s



~ 825 Legitimates filtered by white list
End of the scan (603 lines in 02mn 08s)(0)
0
Anonymous user
3 Nov 2014 at 12:24
Hi again

Using the ZHPFix tool:

* Copy all the text in the box below (select it with your mouse, then right-click it and choose "Copy", or press Ctrl+C)

ZHPFix script
O4 - GS\Desktop [Public]: PC Scan & Repair by Reimage.lnk . (...) -- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe (.not file.)
O23 - Service: FastPlayer Updater Service (FastPlayerUpdaterService) . (.Pas de propriétaire - FastPlayerUpdaterService.) - C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (...) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [ReimageUpdater] (...) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CBA42A1F-11E4-4B11-9BFF-D1C74DF32539}] (...) -- C:\Users\evrard-\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0]
[HKCU\Software\Gameo]
[HKCU\Software\Reimage]
[HKLM\Software\Reimage]
O43 - CFD: 02/11/2014 - 18:23:23 - [] ----D C:\Program Files (x86)\HQ-Video-Pro-2.1V02.11
O43 - CFD: 02/11/2014 - 18:28:48 - [] ----D C:\Program Files (x86)\Reimageplus.com
O43 - CFD: 02/11/2014 - 18:28:43 - [] ----D C:\ProgramData\Reimage Protector
O43 - CFD: 20/09/2014 - 17:18:17 - [] ----D C:\Users\evrard-\AppData\Local\com
O44 - LFC:[MD5.97BDCB6BED580CE91DE329456969251B] - 02/11/2014 - 18:28:44 ---A- . (...) -- C:\Windows\Reimage.ini [120]
O61 - LFC: 02/11/2014 - 12:07:54 ---A- . (.HQ-VideoV02.11.) -- C:\Users\evrard-\AppData\Roaming\FAAOU.exe [1524656]
O61 - LFC: 02/11/2014 - 12:07:54 ---A- . (.HQ-VideoV02.11.) -- C:\Users\evrard-\AppData\Roaming\KEHI.exe [2012592]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.end.) -- C:\Users\evrard-\AppData\Roaming\ROZGPG.exe [2001304]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.end.) -- C:\Users\evrard-\AppData\Roaming\VXPL.exe [1506200]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.joep.) -- C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe [2001304]
O61 - LFC: 02/11/2014 - 12:07:55 ---A- . (.joep.) -- C:\Users\evrard-\AppData\Roaming\TRPH.exe [1506200]
O69 - SBI: SearchScopes [HKCU] {A25AC313-DD19-4238-ACA2-401D6BEE4321} - (Astromenda) - http://astromenda.com
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - http://ww7.certified-toolbar.com
[MD5.FF1EA6AFBBA2B6B999B2B8E6DA95E1BA] [SPRF][02/11/2014] (.HQ-VideoV02.11 - HQ-Video-Pro-2.1V02.11 exe.) -- C:\Users\evrard-\AppData\Roaming\FAAOU.exe [1524656]
[MD5.714D72AB46EDC0D69EC476187F0BD974] [SPRF][02/11/2014] (.HQ-VideoV02.11 - HQ-Video-Pro-2.1V02.11 exe.) -- C:\Users\evrard-\AppData\Roaming\KEHI.exe [2012592]
[MD5.9C1D530ED6608754B38F7EC786D421F9] [SPRF][02/11/2014] (.joep - TheGoPhoto.it V10 exe.) -- C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe [2001304]
[MD5.1B6A152A299AB684FB120C93F1387F2D] [SPRF][02/11/2014] (.end - ClickMovie1-Downloaderv10 exe.) -- C:\Users\evrard-\AppData\Roaming\ROZGPG.exe [2001304]
[MD5.64D63489B18DCF8CAC826038763B3F40] [SPRF][02/11/2014] (.joep - TheGoPhoto.it V10 exe.) -- C:\Users\evrard-\AppData\Roaming\TRPH.exe [1506200]
[MD5.D004923DB61C41DAE991C69B90B00E37] [SPRF][02/11/2014] (.end - ClickMovie1-Downloaderv10 exe.) -- C:\Users\evrard-\AppData\Roaming\VXPL.exe [1506200]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASMANCS
SS - | Auto 10/07/1658 0 | (ReimageRealTimeProtector) . (...) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
[HKLM\SYSTEM\CurrentControlSet\Services\FastPlayerUpdaterService]
[HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
C:\Program Files (x86)\HQ-Video-Pro-2.1V02.11
C:\Program Files (x86)\Reimageplus.com
C:\ProgramData\Reimage Protector
[HKCU\Software\Gameo]
C:\Users\evrard-\AppData\Roaming\FAAOU.exe
C:\Users\evrard-\AppData\Roaming\KEHI.exe
C:\Users\evrard-\AppData\Roaming\PRWDPYCK.exe
C:\Users\evrard-\AppData\Roaming\TRPH.exe
C:\Windows\Reimage.ini
C:\Users\evrard-\AppData\Local\Temp\OBBoxore.EXE
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]
[MD5.EB6628C8ED64B86496DBD784D9527E41] - (...) -- C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe [418368] [PID.4356]
[MD5.0FC581CCB806B957643138F2ED9377C6] - (...) -- C:\Windows\rcore.exe [4959744] [PID.1792]
O4 - HKLM\..\Wow6432Node\Run: [CrashMon] . (...) -- C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe
O23 - Service: rcores (rcores) . (...) - C:\Windows\rcore.exe
O42 - Logiciel: FastPlayer - (...) [HKLM][64Bits] -- FastPlayer
[HKCU\Software\45918InstEnd]
[HKCU\Software\Cores]
[HKCU\Software\FAAOU]
[HKCU\Software\GWNXZKH]
[HKCU\Software\ISRYT]
[HKCU\Software\KEHI]
[HKCU\Software\OZBNK]
[HKCU\Software\PRWDPYCK]
[HKCU\Software\ROZGPG]
[HKCU\Software\RVOYAI]
[HKCU\Software\TRPH]
[HKCU\Software\VXPL]
O43 - CFD: 02/11/2014 - 17:56:58 - [] ----D C:\Program Files (x86)\0ca45c95134d
O43 - CFD: 02/11/2014 - 17:59:29 - [] ----D C:\Program Files (x86)\FastPlayer
O43 - CFD: 02/11/2014 - 17:59:42 - [] ----D C:\Users\evrard-\AppData\Local\fastplayer
O44 - LFC:[MD5.0FC581CCB806B957643138F2ED9377C6] - 01/11/2014 - 08:52:16 ---A- . (...) -- C:\Windows\rcore.exe [4959744]
Stop:SR - | Auto 30/09/2014 11776 | (FastPlayerUpdaterService) . (...) - C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
Stop:SR - | Auto 01/11/2014 4959744 | (rcores) . (...) - C:\Windows\rcore.exe
ShortcutFix
EmptyPrefetch
FirewallRAZ
Emptytemp
EmptyCLSID

--------------------------------------------------------------------------------------------
Launch ZHPFix from the shortcut on your Desktop (if you are on Windows Vista, Windows 7 or 8, do it with a right-click --> Run as administrator)

Click the "Importer" (Import) button. The clipboard contents are pasted into the ZHPFix input area.

NB (W8): In some cases the script is pasted automatically into the script area, and there is no need to click the "IMPORTER" button.

* Click the GO button to start the cleanup.

-> let the tool work and don't touch anything ...
-> If you are asked to restart the PC to finish the cleanup, do it!


Once finished, a new report is displayed: post its contents in your next reply ...
This report is copied to the desktop

(this report is also saved in this folder:
- For XP: C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- From Vista onwards: C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt
)



See you later
0
kasperchat Posts: 272 Registration date: Sunday 16 November 2008 Status: Member Last activity: 5 April 2022 2
3 Nov 2014 at 12:46
Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by evrard- at 03/11/2014 12:44:27
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (01mn 04s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Logiciels ==========
ABSENT Uninstall Process: c:\program files (x86)\fastplayer\uninstall.exe

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Users\evrard-\AppData\Local\Temp\OBBoxore.EXE

========== Etat des services ==========
(FastPlayerUpdaterService) . (FastPlayerUpdaterService) de . Arrêté
(rcores) . (rcores) de . Arrêté

========== Clés du Registre ==========
SUPPRIMÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastPlayer]
SUPPRIMÉ: Service: FastPlayerUpdaterService
SUPPRIMÉ: Service: ReimageRealTimeProtector
SUPPRIMÉ: HKCU\Software\Gameo
SUPPRIMÉ: HKCU\Software\Reimage
SUPPRIMÉ:* HKLM\Software\Reimage
SUPPRIMÉ: SearchScopes :{A25AC313-DD19-4238-ACA2-401D6BEE4321}
SUPPRIMÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lyricsmonkey-15-bg_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-codedownloader_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsMonkey-15-updater_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-1_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmarterPower_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSmarterPower_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSmarterPower_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserDefender_RASMANCS
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
SUPPRIMÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
SUPPRIMÉ: Service: rcores
SUPPRIMÉ: HKCU\Software\45918InstEnd
SUPPRIMÉ: HKCU\Software\Cores
SUPPRIMÉ: HKCU\Software\FAAOU
SUPPRIMÉ: HKCU\Software\GWNXZKH
SUPPRIMÉ: HKCU\Software\ISRYT
SUPPRIMÉ: HKCU\Software\KEHI
SUPPRIMÉ: HKCU\Software\OZBNK
SUPPRIMÉ: HKCU\Software\PRWDPYCK
SUPPRIMÉ: HKCU\Software\ROZGPG
SUPPRIMÉ: HKCU\Software\RVOYAI
SUPPRIMÉ: HKCU\Software\TRPH
SUPPRIMÉ: HKCU\Software\VXPL

========== Valeurs du Registre ==========
SUPPRIMÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
SUPPRIMÉ RunValue: CrashMon
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
SUPPRIMÉ: FirewallRaz (Public) : NetPres-In-TCP
SUPPRIMÉ: FirewallRaz (Public) : NetPres-Out-TCP
SUPPRIMÉ: FirewallRaz (None) : {B3239500-CA72-4E47-85C2-14B6C561C08A}
SUPPRIMÉ: FirewallRaz (Private) : {E6CE1790-3D00-4A9F-BC5A-8CFBA7E40E18}
SUPPRIMÉ: FirewallRaz (Private) : {F6AD4C9F-9F33-434C-BD4E-CE2B8341FC27}
SUPPRIMÉ: FirewallRaz (Public) : TCP Query User{FA976725-794E-4291-B971-2671B9567928}C:\program files (x86)\orbitdownloader\orbitnet.exe
SUPPRIMÉ: FirewallRaz (Public) : UDP Query User{2AAAE8D5-5FAF-46E4-B7C7-7961FFF15E13}C:\program files (x86)\orbitdownloader\orbitnet.exe

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichiers ==========
SUPPRIMÉ: c:\users\public\desktop\pc scan & repair by reimage.lnk
SUPPRIMÉ Redémarrage: c:\program files (x86)\fastplayer\fastplayerupdaterservice.exe
SUPPRIMÉ: c:\windows\reimage.ini
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\faaou.exe
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\kehi.exe
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\rozgpg.exe
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\vxpl.exe
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\prwdpyck.exe
SUPPRIMÉ: c:\users\evrard-\appdata\roaming\trph.exe
SUPPRIMÉ: c:\windows\rcore.exe
SUPPRIMÉS Temporaires Windows (3334) (688 082 015 octets)

========== Tache planifiée ==========
SUPPRIMÉ: ReimageUpdater
SUPPRIMÉ: ReimageUpdater
SUPPRIMÉ: {CBA42A1F-11E4-4B11-9BFF-D1C74DF32539}


========== Récapitulatif ==========
1 : Processus mémoire
41 : Clés du Registre
15 : Valeurs du Registre
1 : Dossiers
11 : Fichiers
1 : Logiciels
2 : Etat des services
3 : Tache planifiée


End of clean in 01mn 37s

========== Chemin de fichier rapport ==========
C:\Users\evrard-\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/11/2014 12:45:32 [5398]
0
kasperchat Posts: 272 Registration date: Sunday 16 November 2008 Status: Member Last activity: 5 April 2022 2
3 Nov 2014 at 12:49
I still have this search engine: http://www.mystartsearch.com/
0
Anonymous user
3 Nov 2014 at 12:50
Remove it
0
kasperchat Posts: 272 Registration date: Sunday 16 November 2008 Status: Member Last activity: 5 April 2022 2
3 Nov 2014 at 12:52
It's done in the Google Chrome settings, but nothing works, it is still there
0
Anonymous user
3 Nov 2014 at 12:53
Reset Chrome
https://support.google.com/chrome/answer/3296214?hl=fr

and then move on to the next step
0

Anonymous user
3 Nov 2014 at 12:51
Hi again

Now we clean up and finish

Download DelFix by Xplode

Run it.
You have 5 options:

Re-enable UAC
Remove the disinfection tools (checked by default)
Create a registry backup
Purge system restore
Reset to factory settings

Check the ones that are in bold above
and run it
The report is usually found here:
C:\DelFix.txt

See you later
0
kasperchat Posts: 272 Registration date: Sunday 16 November 2008 Status: Member Last activity: 5 April 2022 2
3 Nov 2014 at 14:11
# DelFix v10.8 - Rapport créé le 03/11/2014 à 14:10:26
# Mis à jour le 29/07/2014 par Xplode
# Nom d'utilisateur : evrard- - EVRARD--PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Suppression des outils de désinfection ...

Supprimé : C:\AdwCleaner
Supprimé : C:\Users\evrard-\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\evrard-\Desktop\adwcleaner_3.311.exe
Supprimé : C:\Users\evrard-\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\evrard-\Desktop\ZHPDiag.txt
Supprimé : C:\Users\evrard-\Desktop\ZHPFix.lnk
Supprimé : C:\Users\evrard-\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\evrard-\Downloads\RogueKiller.exe
Supprimé : C:\Users\evrard-\Downloads\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration système ...


Nouveau point de restauration créé !

########## - EOF - ##########
0
Anonymous user
3 Nov 2014 at 14:13
Hi again

So I suggest you mark this topic as resolved

See you later
0
kasperchat Posts: 272 Registration date: Sunday 16 November 2008 Status: Member Last activity: 5 April 2022 2
3 Nov 2014 at 14:24
Thanks for your help... how do I mark it as resolved?
0
Anonymous user
3 Nov 2014 at 14:25
Under the title of your first post
>>> click on "mark as resolved"
0
Anonymous user
3 Nov 2014 at 14:20
Hello fistzoom

Reply in your own topic; thanks.

And no, Malwarebytes is not a porn site.
https://fr.malwarebytes.com/
0
fistzoom Posts: 13 Registration date: Friday 31 May 2013 Status: Member Last activity: 3 August 2018
3 Nov 2014 at 14:17
MALWAREBYTES??? ANOTHER PORN SITE, THAT ONE???
-1