Infection n10 adshostnet.com and e deals

nounoumag Posts: 26 Status: Member

Hello,

It's a nightmare, I can't get rid of these ad pages that open as soon as I click!! It's a disaster!!! Could someone help me, knowing that I can get by with computers but I'm no pro!!
As antivirus I have the Microsoft one, but it never detects this virus!!

Thanks a lot in advance!!

15 replies

  1. juju666 Posts: 35446 Status: Security contributor 4 796

    Hi,

    Indeed, the antivirus from "micromou" is crap :)

    Download here: AdwCleaner (by Xplode)

    ▶ Run it.

    ▶ Read and accept the license agreement.

    ▶ Click Scan, then Clean, and wait while the cleaning runs.

    ▶ Post the contents of the report that you will find in the AdwCleaner folder on your hard drive (C:\AdwCleaner\AdwCleaner[x].txt), or its contents if it opens.
    1
    1. nounoumag Posts: 26 Status: Member

      Thanks for your quick reply, I have started the AdwCleaner scan and I'm waiting for the result.
      0
    2. nounoumag Posts: 26 Status: Member
       
      # AdwCleaner v4.110 - Rapport créé le 07/02/2015 à 17:17:01
      # Mis à jour le 05/02/2015 par Xplode
      # Base de données : 2015-02-05.2 [Serveur]
      # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
      # Nom d'utilisateur : Magalie Borne - MAGALIEBORNE-HP
      # Exécuté depuis : C:\Users\Magalie Borne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTL6E2GX\adwcleaner_4.110.exe
      # Option : Nettoyer

      ***** [ Services ] *****


      ***** [ Fichiers / Dossiers ] *****


      ***** [ Tâches planifiées ] *****


      ***** [ Raccourcis ] *****


      ***** [ Registre ] *****

      Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
      Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\secman.DLL
      Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
      Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
      Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
      Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
      Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
      Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
      Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
      Clé Supprimée : HKCU\Software\Myfree Codec
      Clé Supprimée : HKLM\SOFTWARE\Myfree Codec
      Clé Supprimée : HKLM\SOFTWARE\Pirrit
      Clé Supprimée : HKLM\SOFTWARE\Upt
      Clé Supprimée : HKLM\SOFTWARE\WinUpd
      Clé Supprimée : HKLM\SOFTWARE\SI-App
      Clé Supprimée : HKLM\SOFTWARE\RST
      Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
      Clé Supprimée : [x64] HKLM\SOFTWARE\Pirrit
      Clé Supprimée : [x64] HKLM\SOFTWARE\Upt
      Clé Supprimée : [x64] HKLM\SOFTWARE\WinUpd
      Clé Supprimée : [x64] HKLM\SOFTWARE\RST
      Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
      Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:10764
      Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

      ***** [ Navigateurs ] *****

      -\\ Internet Explorer v11.0.9600.17496


      *************************

      AdwCleaner[R0].txt - [41336 octets] - [23/12/2014 13:58:53]
      AdwCleaner[R1].txt - [1232 octets] - [29/12/2014 15:41:03]
      AdwCleaner[R2].txt - [1644 octets] - [14/01/2015 06:54:14]
      AdwCleaner[R3].txt - [1670 octets] - [15/01/2015 15:10:45]
      AdwCleaner[R4].txt - [3313 octets] - [07/02/2015 17:15:05]
      AdwCleaner[S0].txt - [37185 octets] - [23/12/2014 14:00:27]
      AdwCleaner[S1].txt - [1297 octets] - [29/12/2014 15:43:16]
      AdwCleaner[S2].txt - [1712 octets] - [14/01/2015 06:55:34]
      AdwCleaner[S3].txt - [1737 octets] - [15/01/2015 15:12:38]
      AdwCleaner[S4].txt - [3220 octets] - [07/02/2015 17:17:01]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3280 octets] #####
      0
  2. juju666 Posts: 35446 Status: Security contributor 4 796

    Yeah, what it found isn't great.

    ▶ Download here: FRST (by Farbar)
    !!! Depending on your version of Windows, take the "32-Bit Version" or the "64-Bit Version" !!!
    Help: go to Start > Control Panel > System to find out whether you are on 32-bit or 64-bit.

    ▶ Double-click the FRST.exe icon to launch the program. (On Windows Vista, 7 and 8, you have to right-click it, then run as administrator.) Then click Yes when a warning message (Disclaimer) appears.

    ▶ On the main menu, click the Scan button and wait while the analysis runs.

    ▶ At the end of the scan, two reports are displayed, FRST.txt and Addition.txt. Post the reports in your next reply.

    The reports are located here: C:\FRST\Logs

    ▶ Upload them to http://pjjoint.malekal.com and post the links you get in return.
    1
    1. nounoumag Posts: 26 Status: Member

      While trying to download FRST I get lots of ad pages opening, it's horrible.
      0
    2. nounoumag Posts: 26 Status: Member

      And now??
      0
  3. juju666 Posts: 35446 Status: Security contributor 4 796

    Yeah well, I'm not going to bother scripting everything, Combo will have a field day:


    ▶ Right-click and "Save target (link) as" -> yourfirstname.exe -> destination your desktop (AND NOWHERE ELSE) on the following link: ComboFix

    Right-click "Run as administrator"
    on the renamed ComboFix

    ▶ Don't touch anything during the scan

    ComboFix should restart your PC.

    ▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

    ▶▶▶ If, after ComboFix restarts your PC, you get "Clé marquée pour suppression" (key marked for deletion) errors or internet connection problems, restart your computer again
    0
    1. nounoumag Posts: 26 Status: Member

      What do I have to put in "save target"? What I put above?
      0
    2. juju666 Posts: 35446 Status: Security contributor 4 796

      Right-click => save target (link) as => yourfirstname.exe
      Destination: the desktop
      0
    3. nounoumag Posts: 26 Status: Member
       
      ComboFix 15-02-02.01 - Magalie Borne 08/02/2015 6:33.1.2 - x64
      Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4077.2606 [GMT 1:00]
      Lancé depuis: c:\users\Magalie Borne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJDMLSG0\ComboFix.exe
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\Adobe\gccheck.exe
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne\162\background.html
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne\162\cFyQWKO.js
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne\162\content.js
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne\162\lsdb.js
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne\162\manifest.json
      c:\users\Jean-Damien Borne\AppData\Local\Google\Chrome\User Data\Default\Preferences
      c:\users\Jean-Damien Borne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Swift Browse_iels
      c:\users\Magalie Borne\AppData\Local\nsgEB60.tmp
      c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Recent\Bateme.pdf.url
      c:\windows\SysWow64\Packet.dll
      c:\windows\SysWow64\wpcap.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_NPF
      .
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2015-01-08 au 2015-02-08 ))))))))))))))))))))))))))))))))))))
      .
      .
      2015-02-08 05:39 . 2015-02-08 05:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2015-02-08 05:39 . 2015-02-08 05:39 -------- d-----w- c:\users\FMDK7412\AppData\Local\temp
      2015-02-08 05:39 . 2015-02-08 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
      2015-02-08 05:26 . 2015-02-08 05:26 -------- d-----w- c:\program files (x86)\eDealPop
      2015-02-08 05:25 . 2015-02-08 05:26 -------- d-----w- c:\users\Magalie Borne\AppData\Local\logmshtml_86
      2015-02-08 05:25 . 2015-02-08 05:25 -------- d-----w- c:\program files (x86)\TurboDiagnosis
      2015-02-08 05:15 . 2015-02-08 05:15 -------- d-----w- c:\programdata\65e06b2400006e16
      2015-02-07 16:53 . 2015-02-07 00:33 48784 ----a-w- c:\windows\system32\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys
      2015-02-07 16:52 . 2015-02-07 16:52 -------- d-----w- c:\program files (x86)\predm
      2015-02-07 16:48 . 2015-02-07 16:48 -------- d-----w- c:\users\Magalie Borne\AppData\Local\Boxore
      2015-02-07 16:48 . 2015-02-07 17:33 -------- d-----w- c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}
      2015-02-07 16:48 . 2015-02-07 16:48 -------- d-----w- c:\programdata\IHProtectUpDate
      2015-02-07 16:48 . 2015-02-07 16:48 -------- d-----w- c:\program files (x86)\XTab
      2015-02-07 16:47 . 2015-02-07 16:52 -------- d-----w- c:\program files (x86)\Software
      2015-02-07 16:47 . 2015-02-07 16:47 -------- d-----w- c:\programdata\WindowsMangerProtect
      2015-02-07 16:47 . 2015-02-07 16:51 -------- d-----w- c:\users\Magalie Borne\AppData\Roaming\mystartsearch
      2015-02-07 16:35 . 2015-02-08 05:33 -------- d-----w- c:\users\Magalie Borne\AppData\Local\screenshotwinsockRecovery
      2015-02-07 14:33 . 2015-02-06 12:13 188928 ----a-w- c:\windows\wauctla.exe
      2015-02-07 14:33 . 2015-02-07 16:35 -------- d-----w- c:\users\Magalie Borne\AppData\Local\functionpsisrndrGUI
      2015-01-20 05:01 . 2015-02-07 14:33 -------- d-----w- c:\users\Magalie Borne\AppData\Local\wigetmshtmlSched
      2015-01-18 05:43 . 2015-01-18 05:43 -------- d-----w- c:\windows\SysWow64\memdiagnetbridge_64
      2015-01-17 14:18 . 2015-01-17 14:18 -------- d-----w- c:\program files (x86)\MarkAny
      2015-01-17 14:17 . 2015-01-17 14:17 -------- d-----w- c:\users\Magalie Borne\AppData\Local\Samsung
      2015-01-17 14:17 . 2015-01-17 14:17 -------- d-----w- c:\users\Magalie Borne\AppData\Roaming\Samsung
      2015-01-17 14:16 . 2015-01-17 14:16 -------- d-----w- c:\program files (x86)\MyFree Codec
      2015-01-17 14:14 . 2013-12-30 09:53 144664 ----a-w- c:\windows\SysWow64\secman.dll
      2015-01-17 14:14 . 2013-12-30 09:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
      2015-01-17 14:13 . 2015-01-17 14:16 -------- d-----w- c:\program files (x86)\Samsung
      2015-01-17 14:13 . 2015-01-17 14:16 -------- d-----w- c:\programdata\Samsung
      .
      .
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2015-02-05 16:06 . 2012-04-27 11:58 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2015-02-05 16:06 . 2012-02-18 12:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-01-14 06:08 . 2012-04-23 17:06 113365784 ----a-w- c:\windows\system32\MRT.exe
      2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
      2014-12-13 05:09 . 2014-12-18 10:13 144384 ----a-w- c:\windows\system32\ieUnatt.exe
      2014-12-13 03:33 . 2014-12-18 10:13 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2014-12-12 23:51 . 2014-12-12 23:51 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
      2014-12-12 23:51 . 2014-12-12 23:51 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
      2014-12-12 23:51 . 2014-12-12 23:51 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
      2014-12-04 02:50 . 2014-12-10 06:07 413184 ----a-w- c:\windows\system32\generaltel.dll
      2014-12-04 02:50 . 2014-12-10 06:07 741376 ----a-w- c:\windows\system32\invagent.dll
      2014-12-04 02:50 . 2014-12-10 06:07 396800 ----a-w- c:\windows\system32\devinv.dll
      2014-12-04 02:50 . 2014-12-10 06:07 830976 ----a-w- c:\windows\system32\appraiser.dll
      2014-12-04 02:50 . 2014-12-10 06:07 192000 ----a-w- c:\windows\system32\aepic.dll
      2014-12-04 02:50 . 2014-12-10 06:07 227328 ----a-w- c:\windows\system32\aepdu.dll
      2014-12-04 02:44 . 2014-12-10 06:07 1083392 ----a-w- c:\windows\system32\aeinv.dll
      2014-12-01 23:28 . 2014-12-10 06:07 1232040 ----a-w- c:\windows\system32\aitstatic.exe
      2014-11-27 01:43 . 2014-12-10 06:06 389296 ----a-w- c:\windows\system32\iedkcs32.dll
      2014-11-22 03:13 . 2014-12-10 06:06 25059840 ----a-w- c:\windows\system32\mshtml.dll
      2014-11-22 03:06 . 2014-12-10 06:06 2724864 ----a-w- c:\windows\system32\mshtml.tlb
      2014-11-22 03:06 . 2014-12-10 06:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
      2014-11-22 02:50 . 2014-12-10 06:06 66560 ----a-w- c:\windows\system32\iesetup.dll
      2014-11-22 02:50 . 2014-12-10 06:06 580096 ----a-w- c:\windows\system32\vbscript.dll
      2014-11-22 02:49 . 2014-12-10 06:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
      2014-11-22 02:49 . 2014-12-10 06:06 2885120 ----a-w- c:\windows\system32\iertutil.dll
      2014-11-22 02:48 . 2014-12-10 06:06 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
      2014-11-22 02:41 . 2014-12-10 06:06 54784 ----a-w- c:\windows\system32\jsproxy.dll
      2014-11-22 02:40 . 2014-12-10 06:06 34304 ----a-w- c:\windows\system32\iernonce.dll
      2014-11-22 02:37 . 2014-12-10 06:06 633856 ----a-w- c:\windows\system32\ieui.dll
      2014-11-22 02:35 . 2014-12-10 06:06 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
      2014-11-22 02:34 . 2014-12-10 06:06 814080 ----a-w- c:\windows\system32\jscript9diag.dll
      2014-11-22 02:34 . 2014-12-10 06:06 6039552 ----a-w- c:\windows\system32\jscript9.dll
      2014-11-22 02:26 . 2014-12-10 06:06 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2014-11-22 02:22 . 2014-12-10 06:06 490496 ----a-w- c:\windows\system32\dxtmsft.dll
      2014-11-22 02:20 . 2014-12-10 06:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2014-11-22 02:14 . 2014-12-10 06:06 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
      2014-11-22 02:09 . 2014-12-10 06:06 199680 ----a-w- c:\windows\system32\msrating.dll
      2014-11-22 02:08 . 2014-12-10 06:06 92160 ----a-w- c:\windows\system32\mshtmled.dll
      2014-11-22 02:07 . 2014-12-10 06:06 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
      2014-11-22 02:07 . 2014-12-10 06:06 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
      2014-11-22 02:06 . 2014-12-10 06:06 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
      2014-11-22 02:05 . 2014-12-10 06:06 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
      2014-11-22 02:05 . 2014-12-10 06:06 316928 ----a-w- c:\windows\system32\dxtrans.dll
      2014-11-22 01:54 . 2014-12-10 06:06 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
      2014-11-22 01:49 . 2014-12-10 06:06 718848 ----a-w- c:\windows\system32\ie4uinit.exe
      2014-11-22 01:49 . 2014-12-10 06:06 800768 ----a-w- c:\windows\system32\msfeeds.dll
      2014-11-22 01:47 . 2014-12-10 06:06 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2014-11-22 01:46 . 2014-12-10 06:06 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
      2014-11-22 01:43 . 2014-12-10 06:06 14412800 ----a-w- c:\windows\system32\ieframe.dll
      2014-11-22 01:40 . 2014-12-10 06:06 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-11-22 01:29 . 2014-12-10 06:06 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
      2014-11-22 01:28 . 2014-12-10 06:06 2358272 ----a-w- c:\windows\system32\wininet.dll
      2014-11-22 01:22 . 2014-12-10 06:06 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2014-11-22 01:21 . 2014-12-10 06:06 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2014-11-22 01:15 . 2014-12-10 06:06 1548288 ----a-w- c:\windows\system32\urlmon.dll
      2014-11-22 01:03 . 2014-12-10 06:06 800768 ----a-w- c:\windows\system32\ieapfltr.dll
      2014-11-22 01:00 . 2014-12-10 06:06 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
      2014-11-11 03:09 . 2014-12-10 06:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
      2014-11-11 03:08 . 2014-11-19 13:11 241152 ----a-w- c:\windows\system32\pku2u.dll
      2014-11-11 03:08 . 2014-11-19 13:11 728064 ----a-w- c:\windows\system32\kerberos.dll
      2014-11-11 02:44 . 2014-12-10 06:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
      2014-11-11 02:44 . 2014-11-19 13:11 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
      2014-11-11 02:44 . 2014-11-19 13:11 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
      2014-11-11 01:46 . 2014-12-10 06:06 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
      .
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
      2015-01-16 08:45 210096 ----a-w- c:\program files (x86)\XTab\SupTab.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE" [2012-07-12 241280]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
      "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2015-01-14 1565504]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
      "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
      "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-01-14 311616]
      "eDealPop"="c:\program files (x86)\eDealPop\eDealPop.exe" [2014-12-03 6144]
      .
      c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Alertes de surveillance de l'encre - HP Officejet 2620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 2620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN4AT4G0J70600;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
      optimizerpro_soft_partner.lnk - c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}\optimizerpro_soft_partner.exe /startup [2014-2-7 5940728]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "EnableShellExecuteHooks"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="c:\windows\system32\userinit.exe"
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      R2 classdaemon64.exe;classdaemon64.exe;c:\users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe;c:\users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe [x]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 CronKeyboardPerl.exe;CronKeyboardPerl.exe;c:\users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe;c:\users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe [x]
      R2 DatabaseMotionScreenshot.exe;DatabaseMotionScreenshot.exe;c:\users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe;c:\users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe [x]
      R2 functionpsisrndrGUI.exe;functionpsisrndrGUI.exe;c:\users\Magalie Borne\AppData\Local\functionpsisrndrGUI\functionpsisrndrGUI.exe;c:\users\Magalie Borne\AppData\Local\functionpsisrndrGUI\functionpsisrndrGUI.exe [x]
      R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
      R2 logmshtml_86.exe;logmshtml_86.exe;c:\users\Magalie Borne\AppData\Local\logmshtml_86\logmshtml_86.exe;c:\users\Magalie Borne\AppData\Local\logmshtml_86\logmshtml_86.exe [x]
      R2 OSPrivacyScreenshot.exe;OSPrivacyScreenshot.exe;c:\users\Magalie Borne\AppData\Local\OSPrivacyScreenshot\OSPrivacyScreenshot.exe;c:\users\Magalie Borne\AppData\Local\OSPrivacyScreenshot\OSPrivacyScreenshot.exe [x]
      R2 screenshotwinsockRecovery.exe;screenshotwinsockRecovery.exe;c:\users\Magalie Borne\AppData\Local\screenshotwinsockRecovery\screenshotwinsockRecovery.exe;c:\users\Magalie Borne\AppData\Local\screenshotwinsockRecovery\screenshotwinsockRecovery.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
      R2 Update PlumoWeb;Update PlumoWeb;c:\program files (x86)\PlumoWeb\updatePlumoWeb.exe;c:\program files (x86)\PlumoWeb\updatePlumoWeb.exe [x]
      R2 wauctla Service;wauctla Service;c:\windows\wauctla.exe;c:\windows\wauctla.exe [x]
      R2 wigetmshtmlSched.exe;wigetmshtmlSched.exe;c:\users\Magalie Borne\AppData\Local\wigetmshtmlSched\wigetmshtmlSched.exe;c:\users\Magalie Borne\AppData\Local\wigetmshtmlSched\wigetmshtmlSched.exe [x]
      R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
      R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R3 WSDScan;Prise en charge de la numérisation WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S1 {68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64;{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64;c:\windows\system32\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys;c:\windows\SYSNATIVE\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys [x]
      S2 ClassMotionNet.exe;ClassMotionNet.exe;c:\users\Magalie Borne\AppData\Local\ClassMotionNet\ClassMotionNet.exe;c:\users\Magalie Borne\AppData\Local\ClassMotionNet\ClassMotionNet.exe [x]
      S2 compileritsx64.exe;compileritsx64.exe;c:\users\Magalie Borne\AppData\Local\compileritsx64\compileritsx64.exe;c:\users\Magalie Borne\AppData\Local\compileritsx64\compileritsx64.exe [x]
      S2 CronMethodScreenshot;CronMethodScreenshot;c:\windows\SysWOW64\CronMethodScreenshot\CronMethodScreenshot.exe;c:\windows\SysWOW64\CronMethodScreenshot\CronMethodScreenshot.exe [x]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
      S2 DatabaseDebugExport.exe;DatabaseDebugExport.exe;c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\DatabaseDebugExport.exe;c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\DatabaseDebugExport.exe [x]
      S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
      S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
      S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
      S2 IHProtect Service;IHProtect Service;c:\program files (x86)\XTab\ProtectService.exe;c:\program files (x86)\XTab\ProtectService.exe [x]
      S2 memdiagnetbridge_64;memdiagnetbridge_64;c:\windows\SysWOW64\memdiagnetbridge_64\memdiagnetbridge_64.exe;c:\windows\SysWOW64\memdiagnetbridge_64\memdiagnetbridge_64.exe [x]
      S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
      S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
      S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
      .
      .
      Contenu du dossier 'Tâches planifiées'
      .
      2015-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 16:06]
      .
      2015-02-08 c:\windows\Tasks\HP Photo Creations Communicator.job
      - c:\programdata\HP Photo Creations\Communicator.exe [2014-12-22 05:46]
      .
      2015-02-07 c:\windows\Tasks\HPCeeScheduleForMagalie Borne.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
      .
      2015-02-07 c:\windows\Tasks\WpsNotifyTask_Jean-Damien Borne.job
      - c:\users\Jean-Damien Borne\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-11-16 18:22]
      .
      2015-02-07 c:\windows\Tasks\WpsUpdateTask_Jean-Damien Borne.job
      - c:\users\Jean-Damien Borne\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-11-16 18:22]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      .
      ------- Examen supplémentaire -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.fr/
      uDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423327627&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
      mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
      mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX
      mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX
      mLocal Page = c:\windows\SysWOW64\blank.htm
      mSearch Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
      uInternet Settings,ProxyServer = http=127.0.0.1:11401
      uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
      uSearchAssistant = hxxp://www.google.com
      TCP: DhcpNameServer = 192.168.1.1
      .
      - - - - ORPHELINS SUPPRIMES - - - -
      .
      Toolbar-10 - (no file)
      ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
      ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
      ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
      Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
      Wow6432Node-HKLM-Run-fst_fr_26 - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Wow6432Node-HKLM-Run-mbot_en_19 - (no file)
      Toolbar-10 - (no file)
      ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
      ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
      ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
      ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
      HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
      AddRemove-Assistance Livebox - c:\program files (x86)\Orange\Assistance Livebox\uninstall.exe
      AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
      AddRemove-Image Editor Packages - c:\users\Magalie Borne\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe
      AddRemove-PicMonkey Packages - c:\users\Magalie Borne\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\PicMonkey Packages\uninstaller.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.16"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\windows\SysWOW64\ezSharedSvcHost.exe
      c:\program files (x86)\EPSON\MyEpson Portal\mep.exe
      c:\program files (x86)\XTab\cmdshell.exe
      c:\program files (x86)\XTab\HPNotify.exe
      c:\users\Magalie Borne\AppData\Local\compileritsx64\cronmethodClient.exe
      c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
      .
      **************************************************************************
      .
      Heure de fin: 2015-02-08 06:47:38 - La machine a redémarré
      ComboFix-quarantined-files.txt 2015-02-08 05:47
      .
      Avant-CF: 904 016 117 760 octets libres
      Après-CF: 907 121 061 888 octets libres
      .
      - - End Of File - - 4AC473BF91FE9AF95F39BA1B989B910A
      0
    4. nounoumag Posts: 26 Status: Member
       
      I'm sorry for the wall of text, but I didn't know how to shorten it!!!
      Thanks again for giving your time to help me!!
      0
    5. nounoumag Posts: 26 Status: Member
       
      I don't know what ComboFix removed, but edeals is still there; it comes back as soon as I turn the computer back on!!
      0
  4. juju666 Posts: 35446 Registration date   Status: Security contributor Last activity   4 796
     
    Hi :)


    __________________________________________________
    =>/!\ The following script was written specifically for this computer /!\<=
    => using it on another computer is strongly discouraged! <=
    ----------------------------------------------------------------------------


    Still with all protections disabled, do the following:

    ▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
    ▶ Copy/paste into Notepad what is between the lines below (without the lines):

    ----------------------------------------------------------
    KillAll::

    ClearJavaCache::

    Folder::
    c:\program files (x86)\eDealPop
    c:\users\Magalie Borne\AppData\Local\logmshtml_86
    c:\program files (x86)\TurboDiagnosis
    c:\programdata\65e06b2400006e16
    c:\program files (x86)\predm
    c:\users\Magalie Borne\AppData\Local\Boxore
    c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}
    c:\programdata\IHProtectUpDate
    c:\program files (x86)\XTab
    c:\program files (x86)\Software
    c:\programdata\WindowsMangerProtect
    c:\users\Magalie Borne\AppData\Roaming\mystartsearch
    c:\users\Magalie Borne\AppData\Local\screenshotwinsockRecovery
    c:\users\Magalie Borne\AppData\Local\functionpsisrndrGUI
    c:\users\Magalie Borne\AppData\Local\wigetmshtmlSched
    c:\windows\SysWow64\memdiagnetbridge_64
    c:\users\Magalie Borne\AppData\Local\OSPrivacyScreenshot
    c:\users\Magalie Borne\AppData\Local\logmshtml_86
    c:\users\Magalie Borne\AppData\Local\screenshotwinsockRecovery
    c:\program files (x86)\PlumoWeb
    c:\users\Magalie Borne\AppData\Local\wigetmshtmlSched
    c:\users\Magalie Borne\AppData\Local\ClassMotionNet
    c:\users\Magalie Borne\AppData\Local\compileritsx64
    c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport
    c:\program files (x86)\XTab
    c:\programdata\WindowsMangerProtect

    File::
    c:\windows\system32\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys
    c:\windows\wauctla.exe
    c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "eDealPop"=-

    Driver::
    OSPrivacyScreenshot.exe
    screenshotwinsockRecovery.exe
    Update PlumoWeb
    wauctla
    wigetmshtmlSched.exe
    logmshtml_86.exe
    {68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64
    ClassMotionNet.exe
    compileritsx64.exe
    DatabaseDebugExport.exe
    IHProtect Service
    WindowsMangerProtect

    DDS::
    uDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423327627&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
    mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
    mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX
    mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX
    mSearch Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX&q={searchTerms}
    uInternet Settings,ProxyServer = http=127.0.0.1:11401
    uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net

    ------------------------------------------------------------------

    ▶ Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
    ▶ Close Notepad

    ▶ Drag and drop this CFScript file onto the ComboFix file like this: Illustration

    ▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
    ▶ Once the scan is complete, a report will be displayed: post its contents.
    ▶ If the file doesn't open, it is located here => C:\ComboFix.txt

    .::. Security Contributor .::.
    0
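The DDS:: entries in the script above are browser settings copied from the ComboFix report (start and search pages pointing at mystartsearch.com, a proxy on 127.0.0.1), and the later report in this thread lists services whose executables sit under a user's AppData folder. As an added example (not part of the original thread and not ComboFix's own logic), the Python below applies those three checks to report lines as review heuristics; the settings lines are copied from this thread, the two service lines are constructed in the report's format with a placeholder user folder, and `EXPECTED_HOSTS` is an assumed allowlist.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the analyst accepts as start/search pages on this machine.
EXPECTED_HOSTS = {"www.google.fr", "www.google.com"}

URL_KEY = re.compile(r"(Page|Search_URL|Page_URL|SearchAssistant)$")
SERVICE_STATE = re.compile(r"[RS]\d")              # e.g. R2, S3 at line start
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
LOCAL_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Settings lines copied from the thread; service lines constructed for the example.
SAMPLE_REPORT = r"""
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1423327640&from=tt4u&uid=HitachiXHDS721010DLE630_MSK5215H0SUM3L0SUM3LX
mSearch Page = www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:11401
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
R2 classdaemon64.exe;classdaemon64.exe;c:\users\user\AppData\Local\classdaemon64\classdaemon64.exe;c:\users\user\AppData\Local\classdaemon64\classdaemon64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
"""


def url_host(value):
    """Return the lower-cased host of a setting value, tolerating the
    defanged 'hxxp' scheme and values written without any scheme."""
    url = "http" + value[4:] if value.startswith("hxxp") else value
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def loopback_proxies(value):
    """Return the proxy endpoints in a ProxyServer value that point at loopback.
    Handles 'host:port', 'http=host:port' and ';'-separated per-protocol lists."""
    hits = []
    for entry in value.split(";"):
        endpoint = entry.split("=", 1)[-1].split("://", 1)[-1].strip()
        host = endpoint.rsplit(":", 1)[0].lower()
        if host == "localhost" or host.startswith("127."):
            hits.append(endpoint)
    return hits


def triage(report):
    """Return (kind, name, detail) tuples for lines that deserve a closer look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()

        # Service lines: "<state> <name>;<display name>;<image path>;<path> [x]"
        state, _, rest = line.partition(" ")
        fields = rest.split(";")
        if SERVICE_STATE.fullmatch(state) and len(fields) >= 3:
            image = fields[2]
            if USER_PROFILE.search(image):
                findings.append(("service-in-user-profile", fields[0], image))
            continue

        # Settings lines: "<key> = <value>"
        key, sep, value = line.partition(" = ")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key.endswith("ProxyServer"):
            for endpoint in loopback_proxies(value):
                findings.append(("loopback-proxy", key, endpoint))
        elif URL_KEY.search(key) and not LOCAL_PATH.match(value):
            host = url_host(value)
            if host and host not in EXPECTED_HOSTS:
                findings.append(("unexpected-url-host", key, host))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

A hit is a prompt for review, not a verdict: a legitimate local filtering tool also sets a loopback proxy, and an unwanted service installed outside a user profile is not caught by the path check.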
    1. nounoumag Posts: 26 Status: Member
       
      I'm going to do it now; yesterday I couldn't because of many, many power cuts!!
      0
    2. nounoumag Posts: 26 Status: Member
       
      ComboFix 15-02-09.01 - Magalie Borne 09/02/2015 7:40.3.2 - x64
      Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4077.2331 [GMT 1:00]
      Lancé depuis: c:\users\Magalie Borne\Downloads\ComboFix.exe
      Commutateurs utilisés :: c:\users\Magalie Borne\Desktop\CFscript.txt
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      FILE ::
      "c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk"
      "c:\windows\system32\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys"
      "c:\windows\wauctla.exe"
      .
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\eDealPop
      c:\program files (x86)\eDealPop\eDealPop.exe
      c:\program files (x86)\eDealPop\msvcp100.dll
      c:\program files (x86)\eDealPop\msvcr100.dll
      c:\program files (x86)\eDealPop\unins000.dat
      c:\program files (x86)\eDealPop\unins000.exe
      c:\program files (x86)\predm
      c:\program files (x86)\Software
      c:\program files (x86)\TurboDiagnosis
      c:\program files (x86)\TurboDiagnosis\unins000.dat
      c:\program files (x86)\TurboDiagnosis\unins000.exe
      c:\program files (x86)\XTab
      c:\program files (x86)\XTab\BrowserAction.dll
      c:\program files (x86)\XTab\CmdShell.exe
      c:\program files (x86)\XTab\HPNotify.exe
      c:\program files (x86)\XTab\IeWatchDog.dll
      c:\program files (x86)\XTab\msvcp110.dll
      c:\program files (x86)\XTab\msvcr110.dll
      c:\program files (x86)\XTab\ProtectService.exe
      c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}
      c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}\19b11cd0c4bd68a3
      c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}\d44cba85e3698f77
      c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}\optimizerpro_soft_partner.dat
      c:\programdata\{aa30a8a4-05a5-94be-aa30-0a8a405aa290}\optimizerpro_soft_partner.exe
      c:\programdata\65e06b2400006e16
      c:\programdata\65e06b2400006e16\BIT8B8.tmp
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\DatabaseDebugExport.exe
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\msvcp100.dll
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\msvcr100.dll
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\qjson0.dll
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\QtCore4.dll
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\QtNetwork4.dll
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\service\DatabaseDebugExport.exe-(PID-1716)-190909249\DatabaseDebugExport.exe-(PID-1716).dmp
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\service\DatabaseDebugExport.exe-(PID-1716)-190909249\meaculpa.exe-(PID-5800).dmp
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\service\DatabaseDebugExport.exe-(PID-1732)-26788866\adwcleaner_4.106.exe-(PID-6080).dmp
      c:\users\Jean-Damien Borne\AppData\Local\DatabaseDebugExport\service\DatabaseDebugExport.exe-(PID-1732)-26788866\DatabaseDebugExport.exe-(PID-1732).dmp
      0
    3. nounoumag Posts: 26 Status: Member
       
      Here is the result
      0
  6. lilidurhone Posts: 800 Registration date   Status: Security contributor Last activity   3 818
     
    Nounoumag

    Your report is incomplete; host it on cjoint
    0
  7. nounoumag Posts: 26 Status: Member
     
    How do I find the report?
    I have another problem: I can no longer connect to the internet since I did that! Grrrr!
    0
  8. lilidurhone Posts: 800 Registration date   Status: Security contributor Last activity   3 818
     
    Restart a second time and wait for Juju
    0
  9. juju666 Posts: 35446 Registration date   Status: Security contributor Last activity   4 796
     
    Yo,

    Yep, you need to restart a second time and it should work again.
    And indeed the report is incomplete!
    0
    1. lilidurhone Posts: 800 Registration date   Status: Security contributor Last activity   3 818
       
      :)
      0
    2. nounoumag Posts: 26 Status: Member
       
      I restarted it twice and it works again!!!

      And how do I find the report??? Where do I find it?
      0
    3. juju666 Posts: 35446 Registration date   Status: Security contributor Last activity   4 796
       
      C:\ComboFix.txt
      0
    4. nounoumag Posts: 26 Status: Member
       
      ComboFix 15-02-09.01 - Magalie Borne 09/02/2015 11:58:31.4.2 - x64
      Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4077.2028 [GMT 1:00]
      Lancé depuis: c:\users\Magalie Borne\Downloads\ComboFix.exe
      Commutateurs utilisés :: c:\users\Magalie Borne\Desktop\CFscript.txt
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      FILE ::
      "c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\optimizerpro_soft_partner.lnk"
      "c:\windows\system32\drivers\{68f4ad89-cc68-41f8-a6eb-5d7055472d36}Gw64.sys"
      "c:\windows\wauctla.exe"
      .
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2015-01-09 au 2015-02-09 ))))))))))))))))))))))))))))))))))))
      .
      .
      2015-02-09 11:03 . 2015-02-09 11:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2015-02-09 11:03 . 2015-02-09 11:03 -------- d-----w- c:\users\Jean-Damien Borne\AppData\Local\temp
      2015-02-09 11:03 . 2015-02-09 11:03 -------- d-----w- c:\users\FMDK7412\AppData\Local\temp
      2015-02-09 11:03 . 2015-02-09 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
      2015-02-09 06:15 . 2015-02-09 06:16 -------- d-----w- c:\users\Magalie Borne\AppData\Roaming\GetRightToGo
      2015-02-09 06:08 . 2015-02-09 06:09 -------- d-----w- c:\users\Magalie Borne\AppData\Local\shdocvwlivesspProvider
      2015-02-09 06:04 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C40F132-976D-4B34-BCA0-DD5F053F177F}\mpengine.dll
      2015-02-08 06:36 . 2015-02-08 06:36 -------- d-----w- c:\programdata\Malwarebytes
      2015-02-07 14:33 . 2015-02-06 12:13 188928 ----a-w- c:\windows\wauctla.exe
      2015-01-17 14:18 . 2015-01-17 14:18 -------- d-----w- c:\program files (x86)\MarkAny
      2015-01-17 14:17 . 2015-02-08 06:27 -------- d-----w- c:\users\Magalie Borne\AppData\Local\Samsung
      2015-01-17 14:17 . 2015-02-08 06:27 -------- d-----w- c:\users\Magalie Borne\AppData\Roaming\Samsung
      2015-01-17 14:16 . 2015-01-17 14:16 -------- d-----w- c:\program files (x86)\MyFree Codec
      2015-01-17 14:14 . 2013-12-30 09:53 144664 ----a-w- c:\windows\SysWow64\secman.dll
      2015-01-17 14:14 . 2013-12-30 09:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
      2015-01-17 14:13 . 2015-02-08 06:27 -------- d-----w- c:\program files (x86)\Samsung
      2015-01-17 14:13 . 2015-02-08 06:27 -------- d-----w- c:\programdata\Samsung
      .
      .
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2015-02-05 16:06 . 2012-04-27 11:58 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2015-02-05 16:06 . 2012-02-18 12:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-01-14 06:08 . 2012-04-23 17:06 113365784 ----a-w- c:\windows\system32\MRT.exe
      2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
      2014-12-13 05:09 . 2014-12-18 10:13 144384 ----a-w- c:\windows\system32\ieUnatt.exe
      2014-12-13 03:33 . 2014-12-18 10:13 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2014-12-12 23:51 . 2014-12-12 23:51 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
      2014-12-12 23:51 . 2014-12-12 23:51 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
      2014-12-12 23:51 . 2014-12-12 23:51 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
      2014-12-04 02:50 . 2014-12-10 06:07 413184 ----a-w- c:\windows\system32\generaltel.dll
      2014-12-04 02:50 . 2014-12-10 06:07 741376 ----a-w- c:\windows\system32\invagent.dll
      2014-12-04 02:50 . 2014-12-10 06:07 396800 ----a-w- c:\windows\system32\devinv.dll
      2014-12-04 02:50 . 2014-12-10 06:07 830976 ----a-w- c:\windows\system32\appraiser.dll
      2014-12-04 02:50 . 2014-12-10 06:07 192000 ----a-w- c:\windows\system32\aepic.dll
      2014-12-04 02:50 . 2014-12-10 06:07 227328 ----a-w- c:\windows\system32\aepdu.dll
      2014-12-04 02:44 . 2014-12-10 06:07 1083392 ----a-w- c:\windows\system32\aeinv.dll
      2014-12-01 23:28 . 2014-12-10 06:07 1232040 ----a-w- c:\windows\system32\aitstatic.exe
      2014-11-27 01:43 . 2014-12-10 06:06 389296 ----a-w- c:\windows\system32\iedkcs32.dll
      2014-11-22 03:13 . 2014-12-10 06:06 25059840 ----a-w- c:\windows\system32\mshtml.dll
      2014-11-22 03:06 . 2014-12-10 06:06 2724864 ----a-w- c:\windows\system32\mshtml.tlb
      2014-11-22 03:06 . 2014-12-10 06:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
      2014-11-22 02:50 . 2014-12-10 06:06 66560 ----a-w- c:\windows\system32\iesetup.dll
      2014-11-22 02:50 . 2014-12-10 06:06 580096 ----a-w- c:\windows\system32\vbscript.dll
      2014-11-22 02:49 . 2014-12-10 06:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
      2014-11-22 02:49 . 2014-12-10 06:06 2885120 ----a-w- c:\windows\system32\iertutil.dll
      2014-11-22 02:48 . 2014-12-10 06:06 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
      2014-11-22 02:41 . 2014-12-10 06:06 54784 ----a-w- c:\windows\system32\jsproxy.dll
      2014-11-22 02:40 . 2014-12-10 06:06 34304 ----a-w- c:\windows\system32\iernonce.dll
      2014-11-22 02:37 . 2014-12-10 06:06 633856 ----a-w- c:\windows\system32\ieui.dll
      2014-11-22 02:35 . 2014-12-10 06:06 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
      2014-11-22 02:34 . 2014-12-10 06:06 814080 ----a-w- c:\windows\system32\jscript9diag.dll
      2014-11-22 02:34 . 2014-12-10 06:06 6039552 ----a-w- c:\windows\system32\jscript9.dll
      2014-11-22 02:26 . 2014-12-10 06:06 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2014-11-22 02:22 . 2014-12-10 06:06 490496 ----a-w- c:\windows\system32\dxtmsft.dll
      2014-11-22 02:20 . 2014-12-10 06:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2014-11-22 02:14 . 2014-12-10 06:06 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
      2014-11-22 02:09 . 2014-12-10 06:06 199680 ----a-w- c:\windows\system32\msrating.dll
      2014-11-22 02:08 . 2014-12-10 06:06 92160 ----a-w- c:\windows\system32\mshtmled.dll
      2014-11-22 02:07 . 2014-12-10 06:06 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
      2014-11-22 02:07 . 2014-12-10 06:06 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
      2014-11-22 02:06 . 2014-12-10 06:06 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
      2014-11-22 02:05 . 2014-12-10 06:06 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
      2014-11-22 02:05 . 2014-12-10 06:06 316928 ----a-w- c:\windows\system32\dxtrans.dll
      2014-11-22 01:54 . 2014-12-10 06:06 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
      2014-11-22 01:49 . 2014-12-10 06:06 718848 ----a-w- c:\windows\system32\ie4uinit.exe
      2014-11-22 01:49 . 2014-12-10 06:06 800768 ----a-w- c:\windows\system32\msfeeds.dll
      2014-11-22 01:47 . 2014-12-10 06:06 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2014-11-22 01:46 . 2014-12-10 06:06 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
      2014-11-22 01:43 . 2014-12-10 06:06 14412800 ----a-w- c:\windows\system32\ieframe.dll
      2014-11-22 01:40 . 2014-12-10 06:06 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-11-22 01:29 . 2014-12-10 06:06 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
      2014-11-22 01:28 . 2014-12-10 06:06 2358272 ----a-w- c:\windows\system32\wininet.dll
      2014-11-22 01:22 . 2014-12-10 06:06 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2014-11-22 01:21 . 2014-12-10 06:06 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2014-11-22 01:15 . 2014-12-10 06:06 1548288 ----a-w- c:\windows\system32\urlmon.dll
      2014-11-22 01:03 . 2014-12-10 06:06 800768 ----a-w- c:\windows\system32\ieapfltr.dll
      2014-11-22 01:00 . 2014-12-10 06:06 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
      .
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE" [2012-07-12 241280]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
      "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
      .
      c:\users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Alertes de surveillance de l'encre - HP Officejet 2620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 2620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN4AT4G0J70600;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "EnableShellExecuteHooks"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      R2 classdaemon64.exe;classdaemon64.exe;c:\users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe;c:\users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe [x]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 CronKeyboardPerl.exe;CronKeyboardPerl.exe;c:\users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe;c:\users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe [x]
      R2 DatabaseMotionScreenshot.exe;DatabaseMotionScreenshot.exe;c:\users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe;c:\users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe [x]
      R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
      R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
      R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R3 WSDScan;Prise en charge de la numérisation WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
      S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
      S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
      S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
      S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
      S2 shdocvwlivesspProvider.exe;shdocvwlivesspProvider.exe;c:\users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe;c:\users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe [x]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
      S2 wauctla Service;wauctla Service;c:\windows\wauctla.exe;c:\windows\wauctla.exe [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
      .
      .
      Contenu du dossier 'Tâches planifiées'
      .
      2015-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 16:06]
      .
      2015-02-09 c:\windows\Tasks\HP Photo Creations Communicator.job
      - c:\programdata\HP Photo Creations\Communicator.exe [2014-12-22 05:46]
      .
      2015-02-09 c:\windows\Tasks\HPCeeScheduleForMagalie Borne.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
      .
      2015-02-09 c:\windows\Tasks\WpsNotifyTask_Jean-Damien Borne.job
      - c:\users\Jean-Damien Borne\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-11-16 18:22]
      .
      2015-02-09 c:\windows\Tasks\WpsUpdateTask_Jean-Damien Borne.job
      - c:\users\Jean-Damien Borne\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-11-16 18:22]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "3D BubbleSound"="c:\program files\BubbleSound\3D BubbleSound.exe" [BU]
      .
      ------- Examen supplémentaire -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = www.google.com
      mDefault_Search_URL = www.google.com
      mDefault_Page_URL = www.google.com
      mStart Page = www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      mSearch Page = www.google.com
      uInternet Settings,ProxyServer = http=127.0.0.1:9987
      uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
      uSearchAssistant = hxxp://www.google.com
      TCP: DhcpNameServer = 192.168.1.1
      .
      - - - - ORPHELINS SUPPRIMES - - - -
      .
      Toolbar-10 - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
      ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
      ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
      ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
      AddRemove-eDeals_is1 - c:\program files (x86)\eDealPop\unins000.exe
      AddRemove-{59680D1A-6A49-4E85-BB42-6886773DF589}_is1 - c:\program files (x86)\TurboDiagnosis\unins000.exe
      AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.16"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker6"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\windows\SysWOW64\ezSharedSvcHost.exe
      c:\program files (x86)\EPSON\MyEpson Portal\mep.exe
      c:\users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\foldercomdlg64.exe
      c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
      .
      **************************************************************************
      .
      Heure de fin: 2015-02-09 12:11:06 - La machine a redémarré
      ComboFix-quarantined-files.txt 2015-02-09 11:11
      ComboFix2.txt 2015-02-09 06:54
      ComboFix3.txt 2015-02-09 06:28
      ComboFix4.txt 2015-02-08 05:47
      .
      Avant-CF: 905 495 552 000 octets libres
      Après-CF: 905 394 855 936 octets libres
      .
      - - End Of File - - 9C96334995F02CA7CD1693AB8FEE9930
      0
    5. nounoumag Posts 26 Status Member
       
      E deals is still there!!! This virus is driving me crazy!!!
      0
  10. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
     
    /!\ Create a manual restore point before applying the fix - Illustrated tutorial /!\

    ▶ Open Notepad (Start => All Programs => Accessories => Notepad)
    ▶ Copy/paste the entire contents of the Code box below into Notepad


    start
    () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe
    () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\foldercomdlg64.exe
    ProxyServer: [S-1-5-21-1309601020-257529793-1413556044-1000] => http=127.0.0.1:9987
    SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
    SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
    SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = https://uk.ask.com{searchterms}&l=dis&o=HPDTDF [Pays IE - 185.23.44.87]
    R2 shdocvwlivesspProvider.exe; C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe [209920 2015-02-09] () [File not signed]
    R2 wauctla Service; C:\Windows\wauctla.exe [188928 2015-02-06] () [File not signed]
    S2 classdaemon64.exe; C:\Users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe [X]
    S2 CronKeyboardPerl.exe; C:\Users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe [X]
    S2 DatabaseMotionScreenshot.exe; C:\Users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe [X]
    2015-02-09 07:08 - 2015-02-09 07:09 - 00000000 ____D () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider
    2015-02-07 17:54 - 2015-02-07 17:54 - 00000000 ____D () C:\Users\Magalie Borne\Documents\Optimizer Pro
    2015-02-07 17:47 - 2014-11-02 06:32 - 00001326 _____ () C:\Users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    end


    ▶ Save the file on your Desktop (in the same place as FRST) under the name fixlist.txt
    ▶ Close all applications, including your browser
    ▶ Double-click FRST.exe
    /!\ On Vista, Windows 7 and 8, you must launch the file via right-click -> Run as administrator
    ▶ In the main menu, click Fix just once and wait while the fix is applied
    ▶ The tool will create a fix report, Fixlog.txt. Post this report in your reply.

    /!\ This script was written for this user; it must not, under any circumstances, be applied to another system, as it could cause serious malfunctions and damage Windows /!\
    0
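The fixlist in the post above was picked by hand from an FRST scan. As an added example (not part of the thread, and not FRST's or juju666's own logic), the Python sketch below runs three assumed triage heuristics over FRST-format lines: a proxy pointing at loopback, an unsigned service binary, and a service whose file is missing or lives in a user profile. The regexes and the `triage` function are hypothetical names; the last sample line is constructed.

```python
import re

# Sample in FRST log format. The first four lines are entries quoted in this
# thread; the last line is constructed to show a service that is not flagged.
SAMPLE = r"""
ProxyServer: [S-1-5-21-1309601020-257529793-1413556044-1000] => http=127.0.0.1:9987
R2 shdocvwlivesspProvider.exe; C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe [209920 2015-02-09] () [File not signed]
R2 wauctla Service; C:\Windows\wauctla.exe [188928 2015-02-06] () [File not signed]
S2 classdaemon64.exe; C:\Users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe [X]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2014-01-01] (Example Corp)
"""

# Hypothetical patterns written for this example (not FRST's own parser).
PROXY = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$")
LOOPBACK = re.compile(r"(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost):\d+", re.I)
SERVICE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); "
    r"(?P<path>[^\[\]]+?)\s*(?P<rest>\[.*)?$"
)
USER_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def triage(log_text):
    """Return [(subject, [reasons])] for log lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY.match(line)
        if m:
            # A browser proxy on loopback means a local process relays all traffic.
            if LOOPBACK.search(m["value"]):
                findings.append((f"proxy for {m['sid']}",
                                 ["proxy points at loopback: " + m["value"]]))
            continue
        m = SERVICE.match(line)
        if not m:
            continue
        rest = m["rest"] or ""
        reasons = []
        if "[File not signed]" in rest:
            reasons.append("unsigned binary")
        if rest.strip().upper() == "[X]":
            reasons.append("service registered but file missing")
        if USER_PATH.search(m["path"]):
            reasons.append("runs from a user profile")
        if reasons:
            findings.append((m["name"], reasons))
    return findings


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE):
        print(f"{subject}: {', '.join(reasons)}")
```

A flagged line is only a candidate for review: legitimate per-user updaters also run from AppData, so each hit still needs the manual check the helper performed before writing the fixlist.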
    1. nounoumag Posts 26 Status Member
       
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
      Ran by Magalie Borne at 2015-02-09 16:40:13 Run:1
      Running from C:\Users\Magalie Borne\Desktop
      Loaded Profiles: Magalie Borne & UpdatusUser (Available profiles: Magalie Borne & Jean-Damien Borne & UpdatusUser)
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      start
      () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe
      () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\foldercomdlg64.exe
      ProxyServer: [S-1-5-21-1309601020-257529793-1413556044-1000] => http=127.0.0.1:9987
      SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
      SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
      SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
      SearchScopes: HKU\S-1-5-21-1309601020-257529793-1413556044-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = https://uk.ask.com{searchterms}&l=dis&o=HPDTDF [Pays IE - 185.23.44.87]
      R2 shdocvwlivesspProvider.exe; C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe [209920 2015-02-09] () [File not signed]
      R2 wauctla Service; C:\Windows\wauctla.exe [188928 2015-02-06] () [File not signed]
      S2 classdaemon64.exe; C:\Users\Magalie Borne\AppData\Local\classdaemon64\classdaemon64.exe [X]
      S2 CronKeyboardPerl.exe; C:\Users\Magalie Borne\AppData\Local\CronKeyboardPerl\CronKeyboardPerl.exe [X]
      S2 DatabaseMotionScreenshot.exe; C:\Users\Magalie Borne\AppData\Local\DatabaseMotionScreenshot\DatabaseMotionScreenshot.exe [X]
      2015-02-09 07:08 - 2015-02-09 07:09 - 00000000 ____D () C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider
      2015-02-07 17:54 - 2015-02-07 17:54 - 00000000 ____D () C:\Users\Magalie Borne\Documents\Optimizer Pro
      2015-02-07 17:47 - 2014-11-02 06:32 - 00001326 _____ () C:\Users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
      end
      *****************

      [2144] C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\shdocvwlivesspProvider.exe => Process closed successfully.
      [2176] C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider\foldercomdlg64.exe => Process closed successfully.
      HKU\S-1-5-21-1309601020-257529793-1413556044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
      HKU\S-1-5-21-1309601020-257529793-1413556044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
      "HKU\S-1-5-21-1309601020-257529793-1413556044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
      HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
      "HKU\S-1-5-21-1309601020-257529793-1413556044-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
      HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
      "HKU\S-1-5-21-1309601020-257529793-1413556044-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
      HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
      shdocvwlivesspProvider.exe => Service deleted successfully.
      wauctla Service => Unable to stop service
      wauctla Service => Service deleted successfully.
      classdaemon64.exe => Service deleted successfully.
      CronKeyboardPerl.exe => Service deleted successfully.
      DatabaseMotionScreenshot.exe => Service deleted successfully.
      C:\Users\Magalie Borne\AppData\Local\shdocvwlivesspProvider => Moved successfully.
      C:\Users\Magalie Borne\Documents\Optimizer Pro => Moved successfully.
      C:\Users\Magalie Borne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk => Moved successfully.


      The system needed a reboot.

      ==== End of Fixlog 16:40:18 ====
      0
    2. nounoumag Posts 26 Status Member
       
      well, I hope I did it right because I hadn't really understood the procedure!! just for info, this home page that shows up, my startsearch, arrived when I downloaded combofix!! that looks like a nuisance too!!
      My computer starts up quickly now; before, I had a black screen that showed for a few minutes, so that's rather a good sign!!
      but this damned home page is still there
      and edeals still shows up in my programs!! do you think we'll manage it???
      0
    3. nounoumag Posts 26 Status Member
       
      can I put my antivirus back, since I had to remove it?
      0
  11. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
     
    Hi,

    It wasn't combofix that installed the bogus search. It's because you clicked on the ads.

    At this stage you should no longer have any ads!!!

    reset your web browsers:
    * Internet Explorer and add-ons / search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
    * Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
    * Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=
    0
  12. nounoumag Posts 26 Status Member
     
    Hi there. Thanks again for your help!!

    I'm going to be a pain: how can I remove this mysearch home page, because I've configured Internet settings but it's still there

    as for the ads, it's an invasion, so sometimes you click on them without meaning to!!!
    0
  13. juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
     
    Hi there, sorry for the slow reply but Valentine's Day and all that :)

    Which browser do you want to change your home page on?
    0