Comment supprimer speed checker

[Résolu/Fermé]
Signaler
Messages postés
5
Date d'inscription
mercredi 7 janvier 2015
Statut
Membre
Dernière intervention
7 janvier 2015
-
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
-
Bonjour
Après avoir utilisé CCleaner,adwcleaner,malwarebytes,zhpdiag le probléme est toujours présent. ci dessous le résultat de ZHPdiag.txt
Quelqu'un peut il m'aider?
Merci d'avance.


~ Rapport de ZHPDiag v2015.1.4.2 - Nicolas Coolman (04/01/2015)
~ Lancé par loulou (06/01/2015 20:19:03)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 34.0.5 (Defaut)
GCIE: Google Chrome v39.0.2171.95

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security v12.8.992
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v5.01

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (22%) free of 220 GB

---\\ Mode de connexion au système
~ Computer Name: PORTABLE_HP-PC
~ User Name: loulou
~ All Users Names: Léonie, loulou, HomeGroupUser$, Emile, Chouchou, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\loulou\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\loulou\AppData\Roaming\
~ %Desktop% : C:\Users\loulou\Desktop\
~ %Favorites% : C:\Users\loulou\Favorites\
~ %LocalAppData% : C:\Users\loulou\AppData\Local\
~ %StartMenu% : C:\Users\loulou\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 220 Go)
D: Hard drive, Flash drive, Thumb drive (Free 144 Go of 233 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/11/2014 - 02:28:21.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 8/11874
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 2/5111
~ Mon Bureau (My Desktop) : 1/851
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 43s



---\\ Processus lancés
[MD5.9157189DC07511ECBBE1D2615D8A2FED] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664] [PID.3844]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.3856]
[MD5.E4B89C1434AC5EE740E87CCF7769F50D] - (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656] [PID.3864]
[MD5.8CFAFCD10B661D5770A32111EB4CD266] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528] [PID.3876]
[MD5.56D71C1395A02E1D056D7196C84B1A6A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe [1688656] [PID.3936] =>P2P.BitTorrent
[MD5.DCC7CE5BCDA6DC01A579F4B79C0F3EA3] - (.Panasonic Corporation - Pas de description.) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [308640] [PID.4004]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.4632]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.4712]
[MD5.FF473648E7B1B37C7F3249A6549FAC72] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe [150016] [PID.4720]
[MD5.FA28BD04DA2A14879F13565375E3488F] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512] [PID.4812]
[MD5.BF739971EC9B05DAFEC793767B632BA9] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.4880]
[MD5.BDEFC081D02C162DCB90738BE432D66B] - (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504] [PID.5016]
[MD5.D88B2D487439305A2EC308A6796C3044] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5052]
[MD5.887CAA31048EB8ED09A0CBD0E6F46F09] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776] [PID.5060]
[MD5.C65B115A03DB0260895DE96681E88221] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.4440]
[MD5.B508A4EE516D905730458BB50B79979B] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [206120] [PID.4964]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.4040]
[MD5.DADDD62BEDC91BC96CFC794A2CA0D94A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [337520] [PID.4272]
[MD5.CEFA800AAA7DEDF7CF0B030F4A02897B] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [243312] [PID.6380]
[MD5.9096B4E02CAF59C8850E0CF59301E6F3] - (.Adobe Systems, Inc. - Adobe Flash Player 16.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe [1880752] [PID.7392]
[MD5.19892E64D9E917DF78D5E97652C576CA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8148992] [PID.7452]
[MD5.4C72FDD915D62EAEF149BD9C73AB9CF4] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1684]
[MD5.608D6A90E989C6522F170E5526A64BF4] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1780]
[MD5.ACC9C8C560C567FAD6F79C977AB2EA09] - (.B.H.A Corporation - B's Recorder GOLD Service Library.) -- C:\Windows\SysWOW64\bgsvcgen.exe [145504] [PID.1804]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1984]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496] [PID.2088]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280] [PID.2296]
[MD5.576918B02840A360702051BC4269B13F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5071712] [PID.2616]
[MD5.640E51DB253265C3EAC075866B3D2B33] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [791608] [PID.5108]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.5552]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\loulou\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\loulou\AppData\Roaming\Mozilla\Firefox\Profiles\cnpkvqzh.default-1389977987156\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AOL Toolbar BHO [64Bits] - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
~ BHO: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net/home/perl/general.cgi?l=1 - eMule.) -- C:\Program Files (x86)\eMule\emule.exe =>P2P.eMule
O4 - GS\QuickLaunch [loulou]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [loulou]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 05s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HPCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Magic Desktop for HP notification] . (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-937821204-1020158559-3258042591-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BDC3814-F41B-42CF-B902-72716075285C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C834D5AD-7D83-4DD0-8D39-0B0B931E2E2D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{6BDC3814-F41B-42CF-B902-72716075285C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C834D5AD-7D83-4DD0-8D39-0B0B931E2E2D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{6BDC3814-F41B-42CF-B902-72716075285C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C834D5AD-7D83-4DD0-8D39-0B0B931E2E2D}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.6605ADA1257F632CCF743F80D0C3C65C] [APT] [PostPoneInstall] (.C.L.A.R.A.) -- C:\Users\loulou\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [152688]
[MD5.00000000000000000000000000000000] [APT] [TSAF] (...) -- C:\Users\loulou\AppData\Roaming\TSAF.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [VFS] (...) -- C:\Users\loulou\AppData\Roaming\VFS.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF570876-1440-4C26-BCE7-CB9753EC29A7}] (...) -- C:\Users\loulou\Downloads\Windows_Movie_Maker_2.0.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D726FAB1-B354-4F52-AAAE-E653114AEDEC}] (...) -- C:\Users\loulou\Downloads\install_www--5781-MMENUmsi.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: TSAF - (...) -- C:\Windows\Tasks\TSAF.job [1338]
O39 - APT: TSAF - (...) -- C:\Windows\System32\Tasks\TSAF [1338]
O39 - APT: VFS - (...) -- C:\Windows\Tasks\VFS.job [1336]
O39 - APT: VFS - (...) -- C:\Windows\System32\Tasks\VFS [1336]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: Alertes Pollens - (.UNKNOWN.) [HKLM][64Bits] -- Stallergenes.4D52B98456E396561B3A0C183B2B806F65A55DE5.1
O42 - Logiciel: Alertes Pollens - (.UNKNOWN.) [HKLM][64Bits] -- {32FFEEF6-E61F-89A8-8577-8D7FD580E06F}
O42 - Logiciel: Ask Toolbar - (.Ask Partner Network.) [HKLM][64Bits] -- {4F524A2D-5637-006A-76A7-A758B70C0001} =>Toolbar.Ask
~ Logic: 62 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\TSAF]
[HKCU\Software\VFS]
[HKCU\Software\tonemaker] =>Adware.SPointer
[HKCU\Software\?? ?? ???? ????? ??? ?? ????]
[HKLM\Software\Wow6432Node\e018433b-b6e5-49d9-964b-874d8524eafd] =>PUP.CrossRider
~ Key Software: 419 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/01/2015 - 21:02:32 - [0] ----D C:\Program Files (x86)\7ce64d88-e8dc-4da0-b4d5-e79f1166b5ba
O43 - CFD: 11/07/2014 - 18:01:18 - [] ----D C:\Program Files (x86)\Alinéa
O43 - CFD: 06/01/2015 - 15:02:48 - [] ----D C:\Program Files (x86)\f68f0950-b05f-4641-935e-a864507a8d6f
O43 - CFD: 16/03/2012 - 17:43:09 - [] ----D C:\Program Files (x86)\Stallergenes
O43 - CFD: 06/01/2015 - 15:02:48 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 20/12/2010 - 13:27:26 - [] ----D C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
O43 - CFD: 19/12/2009 - 09:58:32 - [] ----D C:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
O43 - CFD: 19/09/2011 - 15:42:29 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 09/02/2013 - 17:13:32 - [0] ----D C:\Users\loulou\AppData\Roaming\Syncrep
O43 - CFD: 19/05/2013 - 20:07:06 - [] ----D C:\Users\loulou\AppData\Roaming\tonemaker =>Adware.SPointer
~ Program Folder: 298 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3B130F4FB69CB7312D03332D4DC42C6E] - 05/01/2015 - 20:56:11 ---A- . (.Corsica - Web Instrumentation New Driver.) -- C:\Windows\System32\Drivers\webinstrNHK.sys [56432]
O44 - LFC:[MD5.D6AA9B270B9BBD6B4E9209181752EEDA] - 05/01/2015 - 20:56:32 ---A- . (...) -- C:\Windows\patsearch.bin [1795]
O44 - LFC:[MD5.D1C6D101530D2BCABDC9F0389CC90D1B] - 06/01/2015 - 15:02:57 ---A- . (...) -- C:\logmalware.txt [1063]
~ Files: 18 Legitimates Filtered in 00mn 21s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 26 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:21/12/2009 - 09:43:36 ---A- . (.CSR, plc - Bluetooth Hands-free Audio Device Driver.) -- C:\Windows\System32\Drivers\BthAudioHF.sys [52224]
O58 - SDL:21/12/2009 - 09:43:00 ---A- . (.CSR, plc - Bluetooth A2DP Driver.) -- C:\Windows\System32\Drivers\bthav.sys [78848]
O58 - SDL:13/08/2009 - 07:38:24 ---A- . (.CSR, plc - Bluetooth Remote Control Driver.) -- C:\Windows\System32\Drivers\BthAvrcp.sys [29184]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 19:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/07/2009 - 02:33:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [487936]
O58 - SDL:05/01/2015 - 20:56:11 ---A- . (.Corsica - Web Instrumentation New Driver.) -- C:\Windows\System32\Drivers\webinstrNHK.sys [56432]
O58 - SDL:05/09/2010 - 21:57:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:05/09/2010 - 21:58:21 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392]
O58 - SDL:05/02/2013 - 09:54:40 ---A- . (...) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys [37344]
~ Drivers: 89 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 05/01/2015 - C:\Windows\system32\Drivers\webinstrNHK.sys (webinstrNHK) .(.Corsica - Web Instrumentation New Driver.) - LEGACY_WEBINSTRNHK
~ Legacy: 133 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <BoBrowser.WWDDG2VRHUDAG4XMYN3KYQPSMU> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\loulou\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) =>PUP.BoBrowser
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {3DADC58E-A384-4600-BE7F-8A2355958F14} - (Recherche sécurisée) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {9E874770-6637-4FD1-A205-9CF2B7E28A90} - (Secure Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {EE827FB0-3919-499E-9774-F2F7D0C4C983} - (Yahoo!) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.9208E5A0A844FCCB39B5252C07B4E860] [SPRF][05/01/2015] (.Pas de propriétaire - Aut2Exe.) -- C:\Users\loulou\Desktop\AdwCleaner-4.106.exe [2173952]
[MD5.CBCB4AA4D97285E8A7F648F7C21C1272] [SPRF][06/01/2015] (...) -- C:\Users\loulou\Desktop\Firefox Setup 34.0.5.exe [39738264]
~ Files: 5 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{7284959D-2F49-4928-AC98-4532E0F7E59F}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{70032F4E-E124-4FDA-86B4-F4C95A490C77}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "D2A425F47365A600677A7A857BC00010" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C0001}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5EF721E0E4D73C373BE1C6302CF144B1] [WIS][06/06/2013] (.Ask Partner Network - Ask Toolbar.) -- C:\Windows\Installer\24125a0.msi [459264] =>Toolbar.Ask
~ WIS: 1 Legitimates Filtered in 00mn 14s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/10/2014 254016 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 24/04/2014 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 04/09/2014 603424 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 11/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/06/2007 145504 | (bgsvcgen) . (.B.H.A Corporation.) - C:\Windows\SysWOW64\bgsvcgen.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\HFGService.dll (HFGService) . (.CSR, plc.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 25/01/2011 791608 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SR - | Demand 01/09/2014 640840 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 30/07/2013 328928 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/08/2014 1041192 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 20/06/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 20/06/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SR - | Auto 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (04/01/2015)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-006A-76A7-A758B70C0001}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\loulou\AppData\Roaming\tonemaker =>Adware.SPointer^
C:\Users\loulou\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\tonemaker] =>Adware.SPointer^
[HKLM\Software\Wow6432Node\e018433b-b6e5-49d9-964b-874d8524eafd] =>PUP.CrossRider^
C:\Windows\Installer\24125a0.msi =>Toolbar.Ask^
~ Additionnel Scan: 476063 Items scanned in 02mn 05s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Browser Helper Objects de navigateur (O2)
~ https://nicolascoolman.eu =>.Internet Explorer Toolbars (O3)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Toolbar.Ask
https://nicolascoolman.eu =>Adware.SPointer
https://nicolascoolman.eu =>PUP.CrossRider
https://nicolascoolman.eu =>PUP.BoBrowser
https://nicolascoolman.eu =>Toolbar.AdAware
https://nicolascoolman.eu =>Adware.Bandoo
https://nicolascoolman.eu =>Toolbar.Agent
~ MSI: 7 link(s) detected in 00mn 00s



~ 1082 Legitimates filtered by white list
End of the scan (522 lines in 04mn 59s)(0)

8 réponses

Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 216
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :

Commence par ceci :

Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= ( d'Xplode )
Télécharge le sur ton bureau ou dossier de téléchargement.
Lance AdwCleaner, clique sur [Scanner].
L'analyse peux durer plusieurs minutes, patiente.
Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


puis :

Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site pjjoint et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.



Messages postés
5
Date d'inscription
mercredi 7 janvier 2015
Statut
Membre
Dernière intervention
7 janvier 2015

Messages postés
5
Date d'inscription
mercredi 7 janvier 2015
Statut
Membre
Dernière intervention
7 janvier 2015

Bonsoir,

Ci dessous le premier résultat.

A+


# AdwCleaner v4.106 - Rapport créé le 07/01/2015 à 18:45:47
# Mis à jour le 21/12/2014 par Xplode
# Database : 2015-01-03.1 [Live]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : loulou - PORTABLE_HP-PC
# Exécuté depuis : C:\Users\loulou\Desktop\AdwCleaner-4.106.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Fichier Supprimé : C:\Users\Chouchou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Fichier Supprimé : C:\Users\Chouchou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 fr)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [166563 octets] - [06/12/2013 17:51:57]
AdwCleaner[R1].txt - [2545 octets] - [09/01/2014 17:48:25]
AdwCleaner[R2].txt - [1784 octets] - [10/01/2014 17:13:05]
AdwCleaner[R3].txt - [23972 octets] - [05/01/2015 21:07:40]
AdwCleaner[R4].txt - [1339 octets] - [05/01/2015 21:25:19]
AdwCleaner[R5].txt - [1447 octets] - [05/01/2015 21:44:39]
AdwCleaner[R6].txt - [1505 octets] - [06/01/2015 14:03:37]
AdwCleaner[R7].txt - [1610 octets] - [06/01/2015 18:59:20]
AdwCleaner[R8].txt - [2001 octets] - [07/01/2015 18:42:49]
AdwCleaner[S0].txt - [167893 octets] - [06/12/2013 18:16:26]
AdwCleaner[S1].txt - [2615 octets] - [09/01/2014 17:52:26]
AdwCleaner[S2].txt - [1845 octets] - [10/01/2014 17:14:51]
AdwCleaner[S3].txt - [22574 octets] - [05/01/2015 21:12:25]
AdwCleaner[S4].txt - [1401 octets] - [05/01/2015 21:29:41]
AdwCleaner[S5].txt - [1566 octets] - [06/01/2015 14:07:02]
AdwCleaner[S6].txt - [1924 octets] - [07/01/2015 18:45:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1984 octets] ##########
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 216
Désinstalle McAfee Security Scan
Tu as déjà l'antivirus McAfee.


Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1420403959&from=exp&uid=ST9250410AS_5VG0LCGK [Pays US - 69.28.57.22]
CHR StartupUrls: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1420403959&from=exp&uid=ST9250410AS_5VG0LCGK [Pays US - 69.28.57.22]
R2 webinstrNHK; C:\Windows\system32\Drivers\webinstrNHK.sys [56432 2015-01-05] (Corsica)
2015-01-05 21:02 - 2015-01-05 21:02 - 00000000 ____D () C:\Program Files (x86)\7ce64d88-e8dc-4da0-b4d5-e79f1166b5ba
2015-01-05 21:00 - 2015-01-05 21:00 - 00003776 _____ () C:\Windows\System32\Tasks\PostPoneInstall
2015-01-05 20:58 - 2015-01-07 18:48 - 00001336 _____ () C:\Windows\Tasks\VFS.job
2015-01-05 20:58 - 2015-01-05 20:58 - 00004376 _____ () C:\Windows\System32\Tasks\VFS
2015-01-05 20:57 - 2015-01-07 18:48 - 00001338 _____ () C:\Windows\Tasks\TSAF.job
2015-01-05 20:57 - 2015-01-06 15:02 - 00000000 ____D () C:\Program Files (x86)\f68f0950-b05f-4641-935e-a864507a8d6f
2015-01-05 20:57 - 2015-01-05 20:57 - 00004378 _____ () C:\Windows\System32\Tasks\TSAF
2015-01-05 20:56 - 2015-01-05 20:56 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHK.sys
2015-01-05 20:56 - 2015-01-05 20:56 - 00001795 _____ () C:\Windows\patsearch.bin
2015-01-05 20:56 - 2015-01-05 20:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf
2015-01-05 20:42 - 2015-01-05 20:42 - 00003974 _____ () C:\Users\loulou\Documents\cc_20150105_204217.reg
2015-01-05 20:41 - 2015-01-05 20:41 - 00059610 _____ () C:\Users\loulou\Documents\cc_20150105_204117.reg
2015-01-05 20:36 - 2015-01-05 20:37 - 05317104 _____ (Piriform Ltd) C:\Users\loulou\Downloads\ccsetup501.exe
2015-01-04 21:41 - 2015-01-06 15:02 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-04 21:41 - 2015-01-04 21:42 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.20
2015-01-04 21:39 - 2015-01-04 22:48 - 00000000 ____D () C:\Program Files\6B7DC17E-34CB-4F0C-9B97-B74986711EDF


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


Messages postés
5
Date d'inscription
mercredi 7 janvier 2015
Statut
Membre
Dernière intervention
7 janvier 2015

Ci dessous le resultat du boutonFix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by loulou at 2015-01-07 20:31:31 Run:1
Running from C:\Users\loulou\Desktop
Loaded Profile: loulou (Available profiles: loulou & Chouchou & Léonie & Emile)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1420403959&from=exp&uid=ST9250410AS_5VG0LCGK [Pays US - 69.28.57.22]

CHR StartupUrls: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1420403959&from=exp&uid=ST9250410AS_5VG0LCGK [Pays US - 69.28.57.22]

R2 webinstrNHK; C:\Windows\system32\Drivers\webinstrNHK.sys [56432 2015-01-05] (Corsica)

2015-01-05 21:02 - 2015-01-05 21:02 - 00000000 ____D () C:\Program Files (x86)\7ce64d88-e8dc-4da0-b4d5-e79f1166b5ba

2015-01-05 21:00 - 2015-01-05 21:00 - 00003776 _____ () C:\Windows\System32\Tasks\PostPoneInstall

2015-01-05 20:58 - 2015-01-07 18:48 - 00001336 _____ () C:\Windows\Tasks\VFS.job

2015-01-05 20:58 - 2015-01-05 20:58 - 00004376 _____ () C:\Windows\System32\Tasks\VFS

2015-01-05 20:57 - 2015-01-07 18:48 - 00001338 _____ () C:\Windows\Tasks\TSAF.job

2015-01-05 20:57 - 2015-01-06 15:02 - 00000000 ____D () C:\Program Files (x86)\f68f0950-b05f-4641-935e-a864507a8d6f

2015-01-05 20:57 - 2015-01-05 20:57 - 00004378 _____ () C:\Windows\System32\Tasks\TSAF

2015-01-05 20:56 - 2015-01-05 20:56 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHK.sys

2015-01-05 20:56 - 2015-01-05 20:56 - 00001795 _____ () C:\Windows\patsearch.bin

2015-01-05 20:56 - 2015-01-05 20:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf

2015-01-05 20:42 - 2015-01-05 20:42 - 00003974 _____ () C:\Users\loulou\Documents\cc_20150105_204217.reg

2015-01-05 20:41 - 2015-01-05 20:41 - 00059610 _____ () C:\Users\loulou\Documents\cc_20150105_204117.reg

2015-01-05 20:36 - 2015-01-05 20:37 - 05317104 _____ (Piriform Ltd) C:\Users\loulou\Downloads\ccsetup501.exe

2015-01-04 21:41 - 2015-01-06 15:02 - 00000000 ____D () C:\Program Files (x86)\XTab

2015-01-04 21:41 - 2015-01-04 21:42 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.20

2015-01-04 21:39 - 2015-01-04 22:48 - 00000000 ____D () C:\Program Files\6B7DC17E-34CB-4F0C-9B97-B74986711EDF



*****************

Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
webinstrNHK => Service stopped successfully.
webinstrNHK => Service deleted successfully.
C:\Program Files (x86)\7ce64d88-e8dc-4da0-b4d5-e79f1166b5ba => Moved successfully.
C:\Windows\System32\Tasks\PostPoneInstall => Moved successfully.
C:\Windows\Tasks\VFS.job => Moved successfully.
C:\Windows\System32\Tasks\VFS => Moved successfully.
C:\Windows\Tasks\TSAF.job => Moved successfully.
C:\Program Files (x86)\f68f0950-b05f-4641-935e-a864507a8d6f => Moved successfully.
C:\Windows\System32\Tasks\TSAF => Moved successfully.
C:\Windows\system32\Drivers\webinstrNHK.sys => Moved successfully.
C:\Windows\patsearch.bin => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf => Moved successfully.
C:\Users\loulou\Documents\cc_20150105_204217.reg => Moved successfully.
C:\Users\loulou\Documents\cc_20150105_204117.reg => Moved successfully.
C:\Users\loulou\Downloads\ccsetup501.exe => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\Program Files (x86)\Optimizer Pro 3.20 => Moved successfully.
C:\Program Files\6B7DC17E-34CB-4F0C-9B97-B74986711EDF => Moved successfully.

==== End of Fixlog 20:31:34 ====
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 216
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
* Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
* Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=


Vois ce que cela donne pour les publicités :)
Messages postés
5
Date d'inscription
mercredi 7 janvier 2015
Statut
Membre
Dernière intervention
7 janvier 2015

Tous semble maintenant dans l'ordre.

Merci de votre aide précise.

Bonne soirée.
Messages postés
180254
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 216
good, bonne soirée :)

Voila, c'est terminé, tu peux supprimer les programmes utilisés.

Quelques conseils :


Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.
(sauf si tu es sur un netbook)

Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/