Sujet Précédent Sujet Suivant

Infecté par divers virus

Résolu/Fermé
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015 - 28 nov. 2011 à 12:48
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 30 nov. 2011 à 20:51
Bonjour,

antivir m'a détecté plusieurs virus, trojan, que je n'arrive pas a éradiquer. j'ai essayé de télécharger hijacthis mais impossible. je poste un rapport alarmant de malwarabyte.
Si quelqu'un peut m'aider, merci.

www.malwarebytes.org

Version de la base de données: 8256

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28/11/2011 12:41:08
mbam-log-2011-11-28 (12-40-43).txt

Type d'examen: Examen éclair
Elément(s) analysé(s): 149489
Temps écoulé: 16 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 104
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 77

Processus mémoire infecté(s):
c:\Users\kristobal\AppData\Roaming\F2263\ACA06.exe (Malware.Packer) -> 1660 -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3436 -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> 4160 -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> 4452 -> No action taken.

Module(s) mémoire infecté(s):
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service (Trojan.Sefnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service\ImagePath (Trojan.P2P) -> Value: ImagePath -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\thirdpartyinstallers (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\IE9Mesg (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Fichier(s) infecté(s):
c:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\Users\kristobal\AppData\Roaming\F2263\ACA06.exe (Malware.Packer) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IEOVR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\IE9Mesg\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

42 réponses

Réponse 1 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 28/11/2011 à 12:58
Re,
1/
No action taken. les infections ne sont pas supprimées!

Relance Malwarebytes et à la fin de l'analyse clique sur "Afficher le résultat " puis sur "supprimer la sélection " et poste le rapport (il est long il est de préférence de l'héberger)

2/ Télécharge AdwCleaner (merci à Xplode)
Ou ADWCleaner ici
Lance AdwCleaner
Clique sur le bouton [ Suppression ]
Patiente...
Poste le rapport qui apparait en fin de recherche.
Il se trouve également à C:\AdwCleaner[SX] (où X est un chiffre)



_ _ _ Fish66_ _ _ I''"""""I_ _ membre _ _I''"""""I_ _ contributeur _ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0
Réponse 2 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 13:38
re bonjour,
voici les rapports demandés. je précise que je suis avec un autre ordi car apres avoir effectué un redemarrage comme demandé je n'ai plus accés a internet sur l'ordi infecté.
cMalwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8256

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28/11/2011 12:59:54
mbam-log-2011-11-28 (12-59-54).txt

Type d'examen: Examen éclair
Elément(s) analysé(s): 149370
Temps écoulé: 25 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 104
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 77

Processus mémoire infecté(s):
c:\Users\kristobal\AppData\Roaming\F2263\ACA06.exe (Malware.Packer) -> 1660 -> Unloaded process successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3436 -> Unloaded process successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> 4160 -> Unloaded process successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> 4452 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Internet Name Service\ImagePath (Trojan.P2P) -> Value: ImagePath -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\thirdpartyinstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\IE9Mesg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\kristobal\AppData\Roaming\F2263\ACA06.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\windows internet name service\wins.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IEOVR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\IE9Mesg\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

# AdwCleaner v1.319 - Rapport créé le 28/11/2011 à 13:04:32
# Mis à jour le 20/11/11 à 11h par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : kristobal - KRISTOBAL-PC (Administrateur)
# Exécuté depuis : C:\Users\kristobal\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : : MyWebSearchService

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\MyWebSearch

***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Registre (x64)] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v15.0.874.121

Fichier : C:\Users\kristobal\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [9378 octets] - [28/11/2011 13:04:09]
AdwCleaner[S1].txt - [9247 octets] - [28/11/2011 13:04:32]

*************************

Dossier Temporaire : 1 dossier(s)et 13 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [9467 octets] ##########
0
Réponse 3 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
28 nov. 2011 à 17:52
Re,
1/
* Télécharge de AD-Remover sur ton Bureau.
http://www.teamxscript.org/adremoverTelechargement.html

/!\ Ferme toutes applications en cours /!\

- Double sur l'icône Ad-remover située sur ton Bureau.
-Pour vista/Seven : clique avec le bouton droit de la souris et choisis « exécuter en tant qu'administrateur »
- Sur la page, clique sur le bouton « chercher »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

2/
Nous allons effectuer un diagnostic de ton PC:
*Télécharge ZHPDiag sur ton bureau :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

* Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag"

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : http://www.cijoint.fr/
Si indisponible, tu peux essayer avec l'un de ces liens:
http://dl.free.fr
http://ww38.toofiles.com/fr/documents-upload.html
https://www.terafiles.net/
https://www.casimages.com/
http://pjjoint.malekal.com/

* Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hébergement de rapport sur cijoint.fr/

Rend toi sur ce site : http://www.cijoint.fr/
Clique sur Choisissez un fichier
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cj44123/cijSKAP5fU.txt
est ajouté dans la page. Copie ce lien dans ta réponse.
============================================
Aide : >>> hébergement ICI <<<

@+
0
Réponse 4 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 18:35
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:02:01 le 28/11/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
kristobal@KRISTOBAL-PC (Acer Aspire 5755G)

============== RECHERCHE ==============


Dossier trouvé: C:\Users\kristobal\AppData\LocalLow\FunWebProducts
Dossier trouvé: C:\Users\kristobal\AppData\LocalLow\MyWebSearch
Fichier trouvé: C:\Program Files (x86)\Windows Live\Messenger\Riched20.dll
Fichier trouvé: C:\Program Files (x86)\Windows Live\Messenger\Msimg32.dll

Clé trouvée: HKCU\Software\FunWebProducts
Clé trouvée: HKCU\Software\AppDataLow\Software\Fun Web Products
Clé trouvée: HKCU\Software\AppDataLow\Software\FunWebProducts
Clé trouvée: HKCU\Software\AppDataLow\Software\MyWebSearch
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé trouvée: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [15.0.874.121] ****


-- C:\Users\kristobal\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Activé: true) (internal-remoting-viewer) (x)
Plugin - Native Client (Activé: true) (C:\Users\kristobal\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll)
Plugin - Windows Live\u0099 Photo Gallery (Activé: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Silverlight" (Activé: true)
Plugin - "Remoting Viewer" (Activé: true)
Plugin - "Native Client" (Activé: true)
Plugin - "McAfee SiteAdvisor" (Activé: true)
Plugin - "Windows Live\u0099 Photo Gallery" (Activé: true)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://acer.msn.com
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://acer.msn.com
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://acer.msn.com
HKLM_Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (x)
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\kristobal\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086} - "?" (?)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files (x86)\PokerStars.FR\main.ico)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll) (x)
BHO\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - "CIESpeechBHO Class" (C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 28/11/2011 18:02:50 (4187 Octet(s))

Fin à: 18:03:36, 28/11/2011

============== E.O.F ==============
0
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 18:36
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20111128_r15r5m9o8c6
voila tout ce que tu as demandé. merci pour ton aide
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
28 nov. 2011 à 19:15
Re,

Lance Ad-remover puis clique sur "Nettoyer" et poste le rapport stp

==========================

Avant d'utiliser ComboFix :

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

si tu as ce genre de d'outils sur ton pc Utilise Defogger pour les désactiver temporairement : sinon passe directement à combofix

. Télécharge Defogger (de jpshortstuff) sur ton Bureau

. Lance le

Une fenêtre apparait : clique sur "Disable"

. Fais redémarrer l'ordinateur si l'outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

Attention, avant de commencer, lit attentivement la procédure

/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\

? Fais un clic droit sur ce lien, enregistre le dans ton bureau

Voici Aide combofix


* /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\


*Double-clique sur ComboFix.exe (ou exécuter en tant qu'administrateur pour vista et seven)

Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

** SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)

? Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

*En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

** /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

*Note : Le rapport se trouve également là : C:\ComboFix.txt

@+
0
Réponse 6 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 19:52
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:20:02 le 28/11/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
kristobal@KRISTOBAL-PC (Acer Aspire 5755G)

============== ACTION(S) ==============


Dossier supprimé: C:\Users\kristobal\AppData\LocalLow\FunWebProducts
Dossier supprimé: C:\Users\kristobal\AppData\LocalLow\MyWebSearch
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Riched20.dll
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Msimg32.dll

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKCU\Software\FunWebProducts
Clé supprimée: HKCU\Software\AppDataLow\Software\Fun Web Products
Clé supprimée: HKCU\Software\AppDataLow\Software\FunWebProducts
Clé supprimée: HKCU\Software\AppDataLow\Software\MyWebSearch
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [15.0.874.121] ****


-- C:\Users\kristobal\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Activé: true) (internal-remoting-viewer) (x)
Plugin - Native Client (Activé: true) (C:\Users\kristobal\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll)
Plugin - Windows Live\u0099 Photo Gallery (Activé: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Silverlight" (Activé: true)
Plugin - "Remoting Viewer" (Activé: true)
Plugin - "Native Client" (Activé: true)
Plugin - "McAfee SiteAdvisor" (Activé: true)
Plugin - "Windows Live\u0099 Photo Gallery" (Activé: true)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\kristobal\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086} - "?" (?)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files (x86)\PokerStars.FR\main.ico)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll) (x)
BHO\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - "CIESpeechBHO Class" (C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 7 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 28/11/2011 19:20:10 (4446 Octet(s))
C:\Ad-Report-SCAN[1].txt - 28/11/2011 18:02:50 (4325 Octet(s))

Fin à: 19:21:00, 28/11/2011

============== E.O.F ==============

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:20:02 le 28/11/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
kristobal@KRISTOBAL-PC (Acer Aspire 5755G)

============== ACTION(S) ==============


Dossier supprimé: C:\Users\kristobal\AppData\LocalLow\FunWebProducts
Dossier supprimé: C:\Users\kristobal\AppData\LocalLow\MyWebSearch
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Riched20.dll
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Msimg32.dll

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKCU\Software\FunWebProducts
Clé supprimée: HKCU\Software\AppDataLow\Software\Fun Web Products
Clé supprimée: HKCU\Software\AppDataLow\Software\FunWebProducts
Clé supprimée: HKCU\Software\AppDataLow\Software\MyWebSearch
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [15.0.874.121] ****


-- C:\Users\kristobal\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Activé: true) (internal-remoting-viewer) (x)
Plugin - Native Client (Activé: true) (C:\Users\kristobal\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll)
Plugin - Windows Live\u0099 Photo Gallery (Activé: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Silverlight" (Activé: true)
Plugin - "Remoting Viewer" (Activé: true)
Plugin - "Native Client" (Activé: true)
Plugin - "McAfee SiteAdvisor" (Activé: true)
Plugin - "Windows Live\u0099 Photo Gallery" (Activé: true)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\kristobal\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086} - "?" (?)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files (x86)\PokerStars.FR\main.ico)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll) (x)
BHO\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - "CIESpeechBHO Class" (C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 7 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 28/11/2011 19:20:10 (4446 Octet(s))
C:\Ad-Report-SCAN[1].txt - 28/11/2011 18:02:50 (4325 Octet(s))

Fin à: 19:21:00, 28/11/2011

============== E.O.F ==============


Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3948.2546 [GMT 1:00]
Lancé depuis: c:\users\kristobal\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\063F\4D73.tmp
c:\program files (x86)\LP\063F\6133.tmp
c:\program files (x86)\LP\063F\644F.tmp
c:\program files (x86)\LP\063F\BB65.tmp
c:\program files (x86)\LP\063F\C199.tmp
c:\program files (x86)\LP\063F\E1F7.tmp
c:\programdata\FullRemove.exe
c:\users\kristobal\AppData\Roaming\Microsoft\Windows\Recent\Freeplayer.org.url
c:\windows\SysWow64\SvcWatch.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SvcWatch
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-28 au 2011-11-28 ))))))))))))))))))))))))))))))))))))
.
.
2011-11-28 18:31 . 2011-11-28 18:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-28 18:31 . 2011-11-28 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 17:07 . 2011-11-28 17:07 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-11-28 17:06 . 2011-11-28 17:08 -------- d-----w- C:\ZHP
2011-11-28 17:05 . 2011-11-28 17:07 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-11-28 17:01 . 2011-11-28 17:02 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-11-28 12:09 . 2011-11-28 13:07 -------- d-----w- c:\users\kristobal\AppData\Local\Diagnostics
2011-11-28 10:59 . 2011-11-28 10:59 -------- d-----w- c:\users\kristobal\AppData\Roaming\Malwarebytes
2011-11-28 10:59 . 2011-11-28 10:59 -------- d-----w- c:\programdata\Malwarebytes
2011-11-28 10:58 . 2011-11-28 11:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-28 10:58 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 09:35 . 2011-11-28 09:35 -------- d-----w- c:\users\kristobal\AppData\Roaming\634E5
2011-11-28 09:14 . 2011-11-28 09:14 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-27 22:39 . 2011-11-27 22:39 -------- d-----w- c:\users\kristobal\AppData\Roaming\Avira
2011-11-27 22:34 . 2011-07-21 11:22 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-27 22:34 . 2011-07-21 11:22 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-27 22:34 . 2011-11-27 22:34 -------- d-----w- c:\programdata\Avira
2011-11-27 22:34 . 2011-11-27 22:34 -------- d-----w- c:\program files (x86)\Avira
2011-11-27 22:29 . 2011-11-28 11:05 -------- d-----w- c:\program files (x86)\634E5
2011-11-27 22:29 . 2011-11-28 11:59 -------- d-----w- c:\users\kristobal\AppData\Roaming\F2263
2011-11-25 19:20 . 2011-11-25 19:20 -------- d-----w- c:\users\kristobal\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
2011-11-25 19:20 . 2011-11-25 19:20 -------- d-----w- c:\program files (x86)\Winamax Poker
2011-11-25 19:19 . 2011-11-27 22:28 -------- d-----w- c:\users\kristobal\AppData\Local\Adobe
2011-11-08 23:20 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 23:20 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:20 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 09:13 . 2011-11-03 09:13 -------- d-----w- c:\program files (x86)\OrangeBS
2011-11-03 09:12 . 2011-11-23 11:54 -------- d-----w- c:\program files (x86)\Common Files\France Telecom
2011-11-03 09:12 . 2009-05-29 22:31 10496 ----a-w- c:\windows\system32\drivers\gtuhsser.sys
2011-11-03 09:11 . 2009-05-29 22:31 88576 ----a-w- c:\windows\system32\drivers\gtuhsbus.sys
2011-11-03 09:11 . 2009-05-29 22:31 129536 ----a-w- c:\windows\system32\drivers\gtuhs51.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 10:43 . 2011-10-25 10:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-16 10:52 . 2011-10-16 10:52 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-14 21:35 . 2011-10-14 21:35 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-14 21:35 . 2011-10-14 21:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-14 21:35 . 2011-10-14 21:35 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-01 05:24 . 2011-10-14 08:38 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-14 08:38 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-14 08:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-14 08:38 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-14 08:38 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-14 08:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-01-18 39528]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001Core.job
- c:\users\kristobal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 17:58]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001UA.job
- c:\users\kristobal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 17:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"combofix"="c:\combofix\CF20202.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52667
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-BEWINTERNET-FR-DMESessionManager - c:\program files (x86)\OrangeBS\BEWInternet\SessionManager\SessionManager.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2011-11-28 19:35:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-11-28 18:35
.
Avant-CF: 672 464 015 360 octets libres
Après-CF: 674 199 031 808 octets libres
.
- - End Of File - - D24ADABA32E818EE9667FB6D1334DF68
0
Réponse 7 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
28 nov. 2011 à 20:24
Re,

* Télécharge sur le bureau RogueKiller (par tigzy)
https://www.luanagames.com/index.fr.html


*( Sous Vista/Seven,clique droit, lancer en tant qu'administrateur )

* Quitte tous tes programmes en cours
* Lance RogueKiller.exe.
* Lorsque demandé, tape 1 et valide
*Si le rogue empêche le lancement du programme, Renomme (RogueKiller) en "winlogon" ou "firefox". Sinon renomme le en winlogon.exe ou firefox.exe (rajouter l'extension .exe)
* Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
* Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois.
0
Réponse 8 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 21:08
RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: kristobal [Droits d'admin]
Mode: Recherche -- Date : 28/11/2011 21:06:26

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:52667) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 9 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
28 nov. 2011 à 21:21
Re,

Lance RogueKiller puis tapes : 2 ensuite 4 et poste les deux rapports correspondants

Bonne nuit

A demain

0
Réponse 10 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
28 nov. 2011 à 21:24
RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: kristobal [Droits d'admin]
Mode: Suppression -- Date : 28/11/2011 21:23:14

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:52667) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.1.10 [18/11/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: kristobal [Droits d'admin]
Mode: Proxy RAZ -- Date : 28/11/2011 21:23:23

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:52667) -> DELETED

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
0
Réponse 11 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
29 nov. 2011 à 08:35
Bonjour,

Lance ZHPDiag depuis le bureau et prépare stp un nouveau rapport ZHPDiag

@+
0
Réponse 12 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
29 nov. 2011 à 09:52
bonjour,

Rapport de ZHPDiag v1.28.2423 par Nicolas Coolman, Update du 27/11/2011
Run by kristobal at 29/11/2011 09:46:43
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
State : Version à jour.


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v15.0.874.121 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3947 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 628 GB (91%) free of 684 GB

---\\ Logged in mode
~ Computer Name: KRISTOBAL-PC
~ User Name: kristobal
~ All Users Names: UpdatusUser, kristobal, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\kristobal\AppData\Roaming\
~ %Desktop% : C:\Users\kristobal\Desktop\
~ %Favorites% : C:\Users\kristobal\Favorites\
~ %LocalAppData% : C:\Users\kristobal\AppData\Local\
~ %StartMenu% : C:\Users\kristobal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 628 Go of 684 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/10/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.14/07/2009 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024]
[MD5.271E8FB1354AA205A214F280A6766E30] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/10/2011 - 06:17:57.) -- C:\Windows\system32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\system32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\system32\sppcomapi.dll [232448]
[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.14/07/2011 - 18:41:01.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
[MD5.D5B031C308A409A0A576BFF4CF083D30] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/10/2011 - 03:34:03.) -- C:\Windows\system32\drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/10/2011 - 03:40:40.) -- C:\Windows\system32\drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/10/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\drivers\volsnap.sys [295808]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
~ Mes musiques (My Musics) : 235/554
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 3/18
~ Mes Documents (My Documents) : 1/23
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 7/29
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.C0B97E53A0E39A48EEA2DCD500EEA07A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.2844]
[MD5.75AD45ED633B866D90AEAA296C21F7E8] - (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336] [PID.2272]
[MD5.E7EA57B35951D093A9647D8D5CE3340D] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920] [PID.2440]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.1716]
[MD5.F0A99E3E103375FF23815C3E87C0FB57] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1092688] [PID.3076]
[MD5.9D51EA92A612B37E76E5E4621650C50A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.3084]
[MD5.C058352639E9749EDE92CD9760CACE5F] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [334416] [PID.3132]
[MD5.41D4102A550711871BB2DC49EA03CA7B] - (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448] [PID.3232]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.3768]
[MD5.026423673B8563E9975BDA97ED6273C7] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [449608] [PID.3792]
[MD5.9DC1C210895A9F15AC8A9E3E40EFD768] - (.CyberLink Corp. - clear.fi Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [120104] [PID.4000]
[MD5.542D3040C7EF444589153BB625A84978] - (.CyberLink - DMREngine.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [169352] [PID.4224]
[MD5.DC1AA3868108B8FF57F6C8045FCD4603] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584] [PID.4552]
[MD5.5E101BF6336D3DEF4A588BF56BB2AA38] - (.Google Inc. - Google Chrome.) -- C:\Users\kristobal\AppData\Local\Google\Chrome\Application\chrome.exe [1036344] [PID.5744]
[MD5.A29999E6CF54648B4C9DA986A0AEB325] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [707072] [PID.5124]
[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360] [PID.]
[MD5.3CCE4AFA4AACDB28E01A148394212186] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480] [PID.]
[MD5.32C2CD16DC801AEF9EDAAFEA0DBD769E] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352848] [PID.]
[MD5.F74285FC99CC90594619D6C85CCF37B7] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [416848] [PID.]
[MD5.F95126E44EBA95A30FB0E4CE6E916015] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [39528] [PID.]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.]
[MD5.B25F192EA1F84A316EB7C19EFCCCF33D] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.]
[MD5.D75C4B4A8FE6D7FD74A7EECDBAEC729F] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.]
[MD5.94E920BE59B9AB65D95E582DBAA136AC] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366152] [PID.]
[MD5.A072423C3812472D326BC774610055CF] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2009704] [PID.]
[MD5.758C2CE427C343F780A205E28555C98D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\kristobal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\kristobal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\kristobal\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?cobrand=acer.msn.com&ocid=AARDHP&pc=MAAR
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL (.not file.)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- c:\progra~1\mcafee\msk\mskapbho.dll (.not file.)
O2 - BHO: IESpeakDoc [64Bits] - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} . (.Atheros Commnucations - Bluetooth IE PlugIn.) -- C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
~ Scan BHO in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\wscript.exe
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKUS\S-1-5-21-3283066112-2287036311-1564892160-1001-3283066112-2287036311-1564892160-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\system32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\system32\msiexec.exe
O4 - HKUS\S-1-5-21-3283066112-2287036311-1564892160-1001-3283066112-2287036311-1564892160-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\kristobal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\kristobal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\kristobal\Desktop\Ad-Remover.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\kristobal\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\kristobal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 8.lnk . (.ashampoo Technology GmbH & Co. KG.) -- C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 8\burningstudio.exe
O4 - Global Startup: C:\Users\kristobal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\kristobal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.fr.lnk . (.PokerStars.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
~ Scan Global Startup in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA8A1DD-F3EC-48AD-843F-405C40846A2D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6B91F6-071B-4EC2-AE97-EE3229A60D66}: DhcpNameServer = 193.253.141.132 193.253.141.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpDomain = PXE.ACER.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AA8A1DD-F3EC-48AD-843F-405C40846A2D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F6B91F6-071B-4EC2-AE97-EE3229A60D66}: DhcpNameServer = 193.253.141.132 193.253.141.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpDomain = PXE.ACER.COM
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AA8A1DD-F3EC-48AD-843F-405C40846A2D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F6B91F6-071B-4EC2-AE97-EE3229A60D66}: DhcpNameServer = 193.253.141.132 193.253.141.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CS2\Services\Tcpip\..\{6FB940D0-0E6A-4F59-9622-3E30F6CD247C}: DhcpDomain = PXE.ACER.COM
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll
~ Scan Winlogon in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Compatible NVIDIA shim initializatio.) - C:\Windows\System32\nvinitx.dll
~ Scan AppInit DLL in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated - ePowerSvc.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService (GREGService) . (.Acer Incorporated - Global Registration Service.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Live Updater Service (Live Updater Service) . (.Acer Incorporated - Updater Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NTI Corporation - Backup Manager Module.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 268.0.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001UA.job
[MD5.C76C72ACB62DA8537B1241C6B7B31F9E] [APT] [clear.fi] (.Acer Incorporated.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
[MD5.9DC1C210895A9F15AC8A9E3E40EFD768] [APT] [clear.fiAgent] (.CyberLink Corp..) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
[MD5.542D3040C7EF444589153BB625A84978] [APT] [DMREngine] (.CyberLink.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001Core] (.Google Inc..) -- C:\Users\kristobal\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-3283066112-2287036311-1564892160-1001UA] (.Google Inc..) -- C:\Users\kristobal\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.3F3CA495B52E68FAF1B3125DDA0948BB] [APT] [Burn Notification] (.Acer.) -- C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe
~ Scan Scheduled Task in 00mn 02s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\drivers\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (mwlPSDFilter) . (.Egis Technology Inc. - PSD Filter Driver.) - C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
O41 - Driver: (mwlPSDNServ) . (.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
O41 - Driver: (mwlPSDVDisk) . (.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? - (.Microsoft Corporation.) [HKLM] -- {9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}
O42 - Logiciel: ???? ??? Windows Live - (.Microsoft Corporation.) [HKLM] -- {FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}
O42 - Logiciel: ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? - (.Microsoft Corporation.) [HKLM] -- {E18B30AA-6E2D-480C-B918-AF61009F4010}
O42 - Logiciel: ???? Windows Live - (.Microsoft Corporation.) [HKLM] -- {0A4C4B29-5A9D-4910-A13C-B920D5758744}
O42 - Logiciel: ????? Messenger - (.Microsoft Corporation.) [HKLM] -- {AB5977C5-11AE-4003-BA7D-261C48F2BC35}
O42 - Logiciel: ????? Windows Live - (.?????????? ??????????.) [HKLM] -- {B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
O42 - Logiciel: ?????? ??????? ?? Windows Live - (.Microsoft Corporation.) [HKLM] -- {CE929F09-3853-4180-BD90-30764BFF7136}
O42 - Logiciel: ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? - (.Microsoft Corporation.) [HKLM] -- {BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}
O42 - Logiciel: ??????? Windows Live Mesh ActiveX ??? - (.Microsoft Corporation.) [HKLM] -- {622DE1BE-9EDE-49D3-B349-29D64760342A}
O42 - Logiciel: ???????? ?? Messenger - (.Microsoft Corporation.) [HKLM] -- {FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}
O42 - Logiciel: ???????? ?????????? Windows Live - (.Microsoft Corporation.) [HKLM] -- {E83DC314-C926-4214-AD58-147691D6FE9F}
O42 - Logiciel: ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) - (.Microsoft Corporation.) [HKLM] -- {A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}
O42 - Logiciel: ????????? Messenger - (.Microsoft Corporation.) [HKLM] -- {3705D53F-BB01-4BEE-8585-289E71CAC4B4}
O42 - Logiciel: ?????????? Windows Live - (.Microsoft Corporation.) [HKLM] -- {77F69CA1-E53D-4D77-8BA3-FA07606CC851}
O42 - Logiciel: ??????????? ?? Windows Live - (.Microsoft Corporation.) [HKLM] -- {4444F27C-B1A8-464E-9486-4C37BAB39A09}
O42 - Logiciel: Acer Backup Manager - (.NTI Corporation.) [HKLM] -- InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}
O42 - Logiciel: Acer Crystal Eye Webcam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: Acer Crystal Eye Webcam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: Acer GameZone Console - (.Oberon Media, Inc..) [HKLM] -- {C97623E2-0614-4845-B199-8E8BEC8E131C}_is1
O42 - Logiciel: Acer Registration - (.Acer Incorporated.) [HKLM] -- Acer Registration
O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM] -- Acer Screensaver
O42 - Logiciel: Acer Updater - (.Acer Incorporated.) [HKLM] -- {EE171732-BEB4-4576-887D-CB62727F01CA}
O42 - Logiciel: Acer ePower Management - (.Acer Incorporated.) [HKLM] -- {3DB0448D-AD82-4923-B305-D001E521A964}
O42 - Logiciel: Acer eRecovery Management - (.Acer Incorporated.) [HKLM] -- {7F811A54-5A09-4579-90E1-C93498E230D9}
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] -- {287ECFA4-719A-2143-A09B-D6A12DE54E40}
O42 - Logiciel: ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? - (.Microsoft Corporation.) [HKLM] -- {B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}
O42 - Logiciel: ActiveX-kontroll för fjärranslutningar för Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.1 MUI - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-FFFF-7B44-A91000000001}
O42 - Logiciel: Ashampoo Burning Studio 8.09 - (.ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 8_is1
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Backup Manager V3 - (.NTI Corporation.) [HKLM] -- {0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}
O42 - Logiciel: Bluetooth Win7 Suite (64) - (.Atheros Communications.) [HKLM] -- {230D1595-57DA-4933-8C4E-375797EBB7E1}
O42 - Logiciel: Broadcom Card Reader Driver Installer - (.Broadcom Corporation.) [HKLM] -- {4710662C-8204-4334-A977-B1AC9E547819}
O42 - Logiciel: Broadcom NetLink Controller - (.Broadcom Corporation.) [HKLM] -- {C91DCB72-F5BB-410D-A91A-314F5D1B4284}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Chicken Invaders 3 - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}
O42 - Logiciel: Complemento Messenger - (.Microsoft Corporation.) [HKLM] -- {3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Control ActiveX Windows Live Mesh pentru conexiuni la distan?a - (.Microsoft Corporation.) [HKLM] -- {260E3D78-94E6-47EC-8E29-46301572BB1E}
O42 - Logiciel: Control ActiveX de Windows Live Mesh para conexiones remotas - (.Microsoft Corporation.) [HKLM] -- {04668DF2-D32F-4555-9C7E-35523DCD6544}
O42 - Logiciel: Control ActiveX del Windows Live Mesh per a connexions remotes - (.Microsoft Corporation.) [HKLM] -- {76C064E2-BB99-4453-8FDA-42BC01AD0734}
O42 - Logiciel: Controle ActiveX do Windows Live Mesh para Conexões Remotas - (.Microsoft Corporation.) [HKLM] -- {39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}
O42 - Logiciel: Controlo ActiveX do Windows Live Mesh para Ligações Remotas - (.Microsoft Corporation.) [HKLM] -- {E54EEB5D-41ED-40FE-B4A8-8565DB81469B}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dolby Advanced Audio v2 - (.Dolby Laboratories Inc.) [HKLM] -- {B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}
O42 - Logiciel: Doplnok programu Messenger - (.Microsoft Corporation.) [HKLM] -- {6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}
O42 - Logiciel: Dream Day First Home - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}
O42 - Logiciel: ETDWare PS/2-X64 8.0.6.0_WHQL - (.ELAN Microelectronic Corp..) [HKLM] -- Elantech
O42 - Logiciel: Farm Frenzy 3 Ice Age - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118399487}
O42 - Logiciel: Flip Words - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}
O42 - Logiciel: Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych - (.Microsoft Corporation.) [HKLM] -- {B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}
O42 - Logiciel: Fotogalerija Windows Live - (.Microsoft Corporation.) [HKLM] -- {E59969EA-3B5B-4B24-8B94-43842A7FBFE9}
O42 - Logiciel: Freeplayer - (.Free.) [HKLM] -- Freeplayer
O42 - Logiciel: Galapago - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}
O42 - Logiciel: Galeria de Fotografias do Windows Live - (.Microsoft Corporation.) [HKLM] -- {0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}
O42 - Logiciel: Galeria fotografii uslugi Windows Live - (.Microsoft Corporation.) [HKLM] -- {CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
O42 - Logiciel: Galeria fotogràfica del Windows Live - (.Microsoft Corporation.) [HKLM] -- {4736B0ED-F6A1-48EC-A1B7-C053027648F1}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Galerie foto Windows Live - (.Microsoft Corporation.) [HKLM] -- {CB66242D-12B1-4494-82D2-6F53A7E024A3}
O42 - Logiciel: Galería fotográfica de Windows Live - (.Microsoft Corporation.) [HKLM] -- {E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Identity Card - (.Acer Incorporated.) [HKLM] -- Identity Card
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: Kontrola Windows Live Mesh ActiveX za daljinske veze - (.Microsoft Corporation.) [HKLM] -- {19CBDE24-2761-49A5-816B-D2BA65D0CA8D}
O42 - Logiciel: Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave - (.Microsoft Corporation.) [HKLM] -- {CA227A9D-09BE-4BFB-9764-48FED2DA5454}
O42 - Logiciel: Launch Manager - (.Acer Inc..) [HKLM] -- LManager
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Messenger ???? - (.Microsoft Corporation.) [HKLM] -- {CF088261-BC81-4FB9-9BA0-7B5B9602D01A}
O42 - Logiciel: Messenger Assistent - (.Microsoft Corporation.) [HKLM] -- {56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {0535A238-D489-430E-9851-88E78BF84AAB}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {066219C8-4BE6-46D7-9E01-60FCFA6B32DC}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {082E37F5-3924-4168-A69A-1B6B1FEA587C}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {3889988F-762B-4B85-AB17-71C9CC3AE445}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {50816F92-1652-4A7C-B9BC-48F682742C4B}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {6DD3B54B-F0D0-4A69-8344-F52033225A02}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {781E0319-15CD-4A4C-A47E-D9FFF697E7A1}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {8142D25E-028A-4563-86ED-5755783C8029}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {847C879C-1467-4924-A491-1302B4C58F70}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {939C80FA-96C9-44A6-B318-8E7D8BD8481B}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {96403552-88D1-429F-9C92-388B814B885E}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {B44F3823-52DD-45CA-A916-8B320778715D}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {C7DAD22D-29D4-438F-B986-03B9ED582EA4}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {D58E381C-DE02-46A9-B9D1-A2CB807D2676}
O42 - Logiciel: Messenger Laguna - (.Microsoft Corporation.) [HKLM] -- {71542B43-809A-4A82-ADE0-88245759DC25}
O42 - Logiciel: Messenger Suradnik - (.Microsoft Corporation.) [HKLM] -- {3FD1CB9F-807F-451B-926C-9D19C84CFC61}
O42 - Logiciel: Messenger kíséro - (.Microsoft Corporation.) [HKLM] -- {F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}
O42 - Logiciel: Messenger-kumppani - (.Microsoft Corporation.) [HKLM] -- {D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Moniteur de la technologie Intel® Turbo Boost 2.0 - (.Intel.) [HKLM] -- {B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}
O42 - Logiciel: MyWinLocker - (.Egis Technology Inc..) [HKLM] -- {0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}
O42 - Logiciel: MyWinLocker 4 - (.Egis Technology Inc..) [HKLM] -- {39F15B50-A977-4CA6-B1C3-6A8724CDA025}
O42 - Logiciel: MyWinLocker Suite - (.Egis Technology Inc..) [HKLM] -- InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}
O42 - Logiciel: MyWinLocker Suite - (.Egis Technology Inc..) [HKLM] -- {17DF9714-60C9-43C9-A9C2-32BCAED44CBE}
O42 - Logiciel: NTI Media Maker 9 - (.NTI Corporation.) [HKLM] -- InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
O42 - Logiciel: NVIDIA Pilote graphique 268.00 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení - (.Microsoft Corporation.) [HKLM] -- {B6190387-0036-4BEB-8D74-A0AFC5F14706}
O42 - Logiciel: Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia - (.Microsoft Corporation.) [HKLM] -- {C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
O42 - Logiciel: Poczta uslugi Windows Live - (.Microsoft Corporation.) [HKLM] -- {64376910-1860-4CEF-8B34-AA5D205FC5F1}
O42 - Logiciel: Podstawowe programy Windows Live - (.Microsoft Corporation.) [HKLM] -- {7A9D47BA-6D50-4087-866F-0800D8B89383}
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr
O42 - Logiciel: Pomocnik Messenger - (.Microsoft Corporation.) [HKLM] -- {BD8DA595-F501-4ABE-85A0-5C23E82472A0}
O42 - Logiciel: Posta Windows Live - (.Microsoft Corporation.) [HKLM] -- {7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}
O42 - Logiciel: Raccolta foto di Windows Live - (.Microsoft Corporation.) [HKLM] -- {ED16B700-D91F-44B0-867C-7EB5253CA38D}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Renesas Electronics USB 3.0 Host Controller Driver - (.Renesas Electronics Corporation.) [HKLM] -- InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}
O42 - Logiciel: Renesas Electronics USB 3.0 Host Controller Driver - (.Renesas Electronics Corporation.) [HKLM] -- {5442DAB8-7177-49E1-8B22-09A049EA5996}
O42 - Logiciel: S?????? f?t???af??? t?? Windows Live - (.Microsoft Corporation.) [HKLM] -- {C00C2A91-6CB3-483F-80B3-2958E29468F1}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870
O42 - Logiciel: Shredder - (.Egis Technology Inc..) [HKLM] -- {C2695E83-CF1D-43D1-84FE-B3BEC561012A}
O42 - Logiciel: Spremljevalec Messenger - (.Microsoft Corporation.) [HKLM] -- {F14F9EE9-9B68-42B4-90F7-0924F7619281}
O42 - Logiciel: Sprill and Ritchie - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}
O42 - Logiciel: St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? - (.Microsoft Corporation.) [HKLM] -- {F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523
O42 - Logiciel: Urruneko konexioetarako Windows Live Mesh ActiveX kontrola - (.Microsoft Corporation.) [HKLM] -- {7BA6DF02-B094-45D7-A3C9-BE3684253922}
O42 - Logiciel: Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi - (.Microsoft Corporation.) [HKLM] -- {241E7104-937A-4366-AD57-8FDDDB003939}
O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Welcome Center - (.Acer Incorporated.) [HKLM] -- Acer Welcome Center
O42 - Logiciel: WinRAR 4.01 (32 bits) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- {449970F2-3F03-B47F-7D4C-B0A020B96EFF}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live ??? - (.Microsoft Corporation.) [HKLM] -- {EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}
O42 - Logiciel: Windows Live ???? - (.Microsoft Corporation.) [HKLM] -- {EEF99142-3357-402C-B298-DEC303E12D92}
O42 - Logiciel: Windows Live Argazki Galeria - (.Microsoft Corporation.) [HKLM] -- {86F444A5-C9B9-41DC-AF28-B5E46F5497C7}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {06B05153-97E4-427E-B1A8-E098F6C5E52F}
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {17835B63-8308-427F-8CF5-D76E0D5FE457}
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {17F99FCE-8F03-4439-860A-25C5A543
0
Réponse 13 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
29 nov. 2011 à 12:59
Salut,

Le rapport est incomplet, héberge le stp!

@+
0
Réponse 14 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
29 nov. 2011 à 13:02
c'est a dire?
0
Réponse 15 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
29 nov. 2011 à 13:04
Tu peux l'héberger avec l'un de ces sites:
http://dl.free.fr
http://ww38.toofiles.com/fr/documents-upload.html
https://www.terafiles.net/
https://www.casimages.com/
http://pjjoint.malekal.com/

* Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hébergement de rapport sur cijoint.fr/

Rend toi sur ce site : http://www.cijoint.fr/
Clique sur Choisissez un fichier
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme : http://www.cijoint.fr/cjlink.php?file=cj44123/cijSKAP5fU.txt
est ajouté dans la page. Copie ce lien dans ta réponse.

@+
0
Réponse 16 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
29 nov. 2011 à 13:08
il me dit qu'il ne peut uploader fichier avec extension
0
Réponse 17 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
29 nov. 2011 à 13:12
mauvaise manip surement, voila le résultat
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20111129_b7x8s13y7k14
0
Réponse 18 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 29/11/2011 à 13:53
Re,
1/
C'est quoi ce logiciel : O42 - Logiciel: ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) ?
Désinstalle le stp

2/
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )


O87 - FAEL: "{F9C70229-D44D-4D27-8936-F2CE5D2224F2}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.) => Infection Diverse (Trojan.Agent)
[MD5.ED92900BF225E26A4E54C2C14FA1424F] [SPRF][09/09/2011] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\kristobal\AppData\Local\Temp\AskSLib.dll [246440]
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr => PartyGaming PokerStars
O43 - CFD: 29/11/2011 - 11:55:42 - [2,730] ----D- C:\Users\kristobal\AppData\Local\PokerStars.FR => PartyGaming PokerStars
O43 - CFD: 16/11/2011 - 09:13:04 - [0] ----D- C:\Users\kristobal\AppData\Local\{0020FC67-D11B-45A1-BCAE-4BBED73B7666}
O43 - CFD: 03/11/2011 - 22:53:46 - [0] ----D- C:\Users\kristobal\AppData\Local\{06A76174-A636-4CEF-A269-873A34DEAE9F}
O43 - CFD: 16/10/2011 - 12:55:32 - [0] ----D- C:\Users\kristobal\AppData\Local\{0E62856F-1A59-4BDD-9D1E-244A910123B9}
O43 - CFD: 06/11/2011 - 21:59:32 - [0] ----D- C:\Users\kristobal\AppData\Local\{1155A2D2-1C25-4050-ACD3-B4341740E61C}
O43 - CFD: 28/11/2011 - 10:35:42 - [0] ----D- C:\Users\kristobal\AppData\Local\{296D3C30-4660-4262-AC26-5E1FE7DF29B4}
O43 - CFD: 18/10/2011 - 08:45:42 - [0] ----D- C:\Users\kristobal\AppData\Local\{2B9FDF2E-F726-41F1-A25C-F0D7044E5F77}
O43 - CFD: 09/11/2011 - 21:20:22 - [0] ----D- C:\Users\kristobal\AppData\Local\{32490B29-B5B6-4B0A-B944-1BD5EC81DB3F}
O43 - CFD: 01/11/2011 - 22:05:18 - [0] ----D- C:\Users\kristobal\AppData\Local\{34EF531F-495A-45E3-BE40-8FB8986BC6CE}
O43 - CFD: 01/11/2011 - 22:05:30 - [0] ----D- C:\Users\kristobal\AppData\Local\{35BD83E8-7608-4D9E-9FC2-355108A58308}
O43 - CFD: 25/10/2011 - 23:11:24 - [0] ----D- C:\Users\kristobal\AppData\Local\{38B4C43C-0C26-438E-B7D7-3656D30E319F}
O43 - CFD: 03/11/2011 - 22:53:36 - [0] ----D- C:\Users\kristobal\AppData\Local\{39A65429-92F2-445C-9D51-C683FDBEA10C}
O43 - CFD: 06/11/2011 - 21:59:20 - [0] ----D- C:\Users\kristobal\AppData\Local\{3D22913B-55C9-4240-935F-33B9B30C866D}
O43 - CFD: 05/11/2011 - 00:19:56 - [0] ----D- C:\Users\kristobal\AppData\Local\{4507F978-2F4F-4A2D-843B-D15D4760253A}
O43 - CFD: 24/10/2011 - 20:16:52 - [0] ----D- C:\Users\kristobal\AppData\Local\{452E5EDD-040E-4244-A7EE-D5C3D43DBA30}
O43 - CFD: 18/10/2011 - 08:45:30 - [0] ----D- C:\Users\kristobal\AppData\Local\{464A6820-B54F-42B6-A88B-AB13DC3AD2E2}
O43 - CFD: 23/11/2011 - 12:51:46 - [0] ----D- C:\Users\kristobal\AppData\Local\{47B04B95-ADAB-4165-87AC-7406E313E8EB}
O43 - CFD: 09/11/2011 - 21:20:34 - [0] ----D- C:\Users\kristobal\AppData\Local\{4FD5319D-9EA1-4F35-934E-5B585657FF22}
O43 - CFD: 05/11/2011 - 09:53:24 - [0] ----D- C:\Users\kristobal\AppData\Local\{5072F94D-761E-439A-90C0-36EBA3C973A2}
O43 - CFD: 05/11/2011 - 09:53:22 - [0] ----D- C:\Users\kristobal\AppData\Local\{5A1FD917-23E2-46EA-B999-085B01A810BC}
O43 - CFD: 07/11/2011 - 20:25:58 - [0] ----D- C:\Users\kristobal\AppData\Local\{63A08BF2-A083-4F0A-B48B-597D48F88ECB}
O43 - CFD: 27/11/2011 - 23:26:02 - [0] ----D- C:\Users\kristobal\AppData\Local\{73ACC03C-2F0B-4E97-9CA1-7D48568837C5}
O43 - CFD: 29/10/2011 - 09:11:26 - [0] ----D- C:\Users\kristobal\AppData\Local\{78894CFF-118D-4789-9446-A0140BDD2547}
O43 - CFD: 07/11/2011 - 20:26:08 - [0] ----D- C:\Users\kristobal\AppData\Local\{7B07C7E7-1A05-48F5-8DD4-88C9B4A4A0E1}
O43 - CFD: 21/10/2011 - 08:10:06 - [0] ----D- C:\Users\kristobal\AppData\Local\{7D3A7496-DC6F-4072-AECA-9B52C79C6A4F}
O43 - CFD: 16/10/2011 - 12:55:04 - [0] ----D- C:\Users\kristobal\AppData\Local\{80372C83-1BF0-41A8-A42B-15571BC9F658}
O43 - CFD: 03/11/2011 - 10:51:44 - [0] ----D- C:\Users\kristobal\AppData\Local\{825FCD5E-6A43-4C69-AA29-55706A9E7F02}
O43 - CFD: 28/11/2011 - 10:35:44 - [0] ----D- C:\Users\kristobal\AppData\Local\{84DAF2BA-C799-40C0-ADFF-E8580F905C83}
O43 - CFD: 24/10/2011 - 20:17:04 - [0] ----D- C:\Users\kristobal\AppData\Local\{85F3CC50-5392-423A-B91E-5C1ED90F8902}
O43 - CFD: 21/10/2011 - 08:10:06 - [0] ----D- C:\Users\kristobal\AppData\Local\{8C491F46-3F97-4D7D-B5CD-A508E30B71F4}
O43 - CFD: 20/10/2011 - 08:55:46 - [0] ----D- C:\Users\kristobal\AppData\Local\{A7031CEF-C645-47C4-B9B4-19FB4A9600C9}
O43 - CFD: 09/11/2011 - 00:16:04 - [0] ----D- C:\Users\kristobal\AppData\Local\{A9E4FB4E-0380-4287-A8BB-F915F41052E8}
O43 - CFD: 17/10/2011 - 08:35:56 - [0] ----D- C:\Users\kristobal\AppData\Local\{B7C86933-43CD-4A0D-9F71-73869DECBC15}
O43 - CFD: 25/10/2011 - 11:43:38 - [0] ----D- C:\Users\kristobal\AppData\Local\{C452F8ED-47A7-4E68-82C6-DE05B48FB073}
O43 - CFD: 06/11/2011 - 01:22:44 - [0] ----D- C:\Users\kristobal\AppData\Local\{CBF101D8-2E8C-4094-8B28-257C5B48A904}
O43 - CFD: 03/11/2011 - 10:51:44 - [0] ----D- C:\Users\kristobal\AppData\Local\{CEE2A1FE-E4C2-4782-8A00-4CBF6D9293F2}
O43 - CFD: 25/10/2011 - 23:11:36 - [0] ----D- C:\Users\kristobal\AppData\Local\{D34FBCFF-1323-4CB2-92D0-00FD915B3605}
O43 - CFD: 24/10/2011 - 20:17:14 - [0] ----D- C:\Users\kristobal\AppData\Local\{DA1C56C9-7275-424F-9776-4E3ECB440DD6}
O43 - CFD: 06/11/2011 - 01:22:34 - [0] ----D- C:\Users\kristobal\AppData\Local\{DEEE2BD8-B9A3-458D-8CFE-C3A068A2AF05}
O43 - CFD: 04/11/2011 - 15:31:34 - [0] ----D- C:\Users\kristobal\AppData\Local\{E49B392D-5C0B-407C-8D09-7C4F90F9BD73}
O43 - CFD: 29/10/2011 - 09:11:38 - [0] ----D- C:\Users\kristobal\AppData\Local\{E997AE29-5E2C-4130-971F-AA704E7BEDCE}
O43 - CFD: 20/10/2011 - 08:55:46 - [0] ----D- C:\Users\kristobal\AppData\Local\{EF3EB2F4-EC4D-46A2-A962-9803E207626F}
O43 - CFD: 16/11/2011 - 09:13:16 - [0] ----D- C:\Users\kristobal\AppData\Local\{F0D53693-0523-4DB8-B58D-6DF06E7E2D58}

FirewallRAZ
EmptyFlash



Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

Clique sur le bouton GO

Copie/Colle le rapport à l'écran dans ton prochain message.

3/
* Télécharge OTM (OldTimer) sur ton Bureau

ICI >> OTM (OldTimer)
* Double clic "OTMoveIt3.exe"
* Utilisateurs Windows Vista / 7 Clic droit sur "OTMoveIt3.exe" choisis "exécuter en tant qu'administrateur" afin de le lancer.

- Copie (Ctrl+C) le texte suivant en gras ci-dessous :



:files
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Users\kristobal\AppData\Roaming\634E5
C:\Users\kristobal\AppData\Roaming\F2263
C:\Users\kristobal\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
C:\Program Files (x86)\634E5
C:\Users\kristobal\AppData\Local\Temp\AskSLib.dll

:Reg
[-HKCU\Software\Ask.com.tmp]





- Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

@+
_ _ _ Fish66_ _ _ I''"""""I_ _ membre _ _I''"""""I_ _ contributeur _ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0
Réponse 19 / 42
kristobalc 31 Messages postés 31 Date d'inscription lundi 28 novembre 2011 Statut Membre Dernière intervention 20 janvier 2015
29 nov. 2011 à 17:45
https://pjjoint.malekal.com/files.php?id=20111129_q10v15s13d11n12
https://pjjoint.malekal.com/files.php?id=20111129_e9w15j15p7z11
0
Réponse 20 / 42
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
29 nov. 2011 à 18:34
Re,

1/
Pour OTM, tu as copié les lignes demandées pour ZHPFix et non celles demandées!

Refais stp la procédure d'OTM

@+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Virus détecté
Koony -
MisteryBean -

6 réponses
y a t'il des virus qu'avast ne detecte pas
davivid -
Utilisateur anonyme -

24 réponses
Mon ordinateur a été infecté par un virus ou
henry4002 -
jorginho67 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses