Rapport ZHDiag [Fermé]

Signaler
Messages postés
545
Date d'inscription
dimanche 3 février 2008
Statut
Membre
Dernière intervention
6 octobre 2017
-
Fish66
Messages postés
17499
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
26 novembre 2019
-
pouvez vous me dire se qui ne va pas , merci
Rapport de ZHPDiag v2013.3.28.105 par Nicolas Coolman, Update du 28/03/2013
Run by ThierryGr at 29/03/2013 18:58:38
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521
GCIE: Google Chrome v25.0.1364.172 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4090 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 236 GB (82%) free of 286 GB

---\\ Logged in mode
~ Computer Name: PC-THIERRYGR
~ User Name: ThierryGr
~ All Users Names: ThierryGr, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\ThierryGr\AppData\Roaming\
~ %Desktop% : C:\Users\ThierryGr\Desktop\
~ %Favorites% : C:\Users\ThierryGr\Favorites\
~ %LocalAppData% : C:\Users\ThierryGr\AppData\Local\
~ %StartMenu% : C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 236 Go of 286 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.27/02/2013 - 04:38:48.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/03/2013 - 09:56:41.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2013 - 04:46:24.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.28/02/2013 - 21:14:03.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/78
~ Mon Bureau (My Desktop) : 1/646
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.B95AC0CDB8F068F0C024CD344B354298] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1274320] [PID.2908]
[MD5.D488A250019E213C8FB3B20E4DEA6D2A] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3573624] [PID.3784]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.1768]
[MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.1612]
[MD5.D54EAB26A6060E8A6318A947C8541B79] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6184448] [PID.776]
[MD5.0F5FAAC852DB4C340B7A2F187E3358B8] - (.Egis Technology Inc. - MyWinLocker Service.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [311592] [PID.1684]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\ThierryGr\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Advanced SystemCare Browser Protection [64Bits] - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} . (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
~ BHO: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-288523959-3676502038-438742901-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\system32\SnippingTool.exe
O4 - GS\TaskBar: Veille.lnk . (...) -- ystem32\rundll32.exe (.not file.)
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Poker 770.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Poker 770\casino.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
O4 - GS\QuickLaunch: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\QuickLaunch: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\ThierryGr\Desktop\6 . pour plus des logiciels et astuces cliquez ici.url . (.Skype Technologies S.A. - Skype.) -- C:\Users\ThierryGr\Desktop\6 . pour plus des logiciels et astuces cliquez ici.url
O4 - GS\Desktop: Charlie Poker.lnk . (...) -- C:\Users\ThierryGr\Downloads\Programs\CharliePoker.exe
O4 - GS\Desktop: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Free Alarm Clock.lnk . (.Comfort Software Group - Free Alarm Clock.) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
O4 - GS\Desktop: Partouche Poker.fr.lnk . (...) -- C:\Program Files (x86)\Partouche Poker.fr\PartouchePoker.exe
O4 - GS\Desktop: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
O4 - GS\Desktop: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\Desktop: Poker 770.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Poker 770\casino.exe
O4 - GS\Desktop: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\SendTo: SendTo - Raccourci.lnk . (...) -- C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\SendTo
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: MyWinLocker Service (MWLService) . (.Egis Technology Inc. - MyWinLocker Service.) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
~ Services: 1 Legitimates Scanned in 00mn 04s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1070]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1074]
[MD5.5A78D672EAE975D40DE35CE6B650282B] [APT] [ASC6_PerformanceMonitor] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [703808]
[MD5.74660C1E9139D95F4E006E8E49EA4986] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3273136]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.7F59E4F51DA9C9C6B29B881D8DD92400] [APT] [Burn Notification] (.Acer.) -- C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [675840]
~ Scheduled Task: Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 7 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 78 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Bundled software uninstaller - (...) [HKLM][64Bits] -- bi_uninstaller
O42 - Logiciel: ExpressFiles - (.http://www.express-files.com/.) [HKCU][64Bits] -- ExpressFiles
O42 - Logiciel: Free Alarm Clock 2.7.0 - (.Comfort Software Group.) [HKLM][64Bits] -- {8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1
O42 - Logiciel: Hola(TM) 1.0.241 - Better Internet - (.Hola Networks Ltd..) [HKLM][64Bits] -- Hola
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: MediaMonkey 4.0 - (.Ventis Media Inc..) [HKLM][64Bits] -- MediaMonkey_is1
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
O42 - Logiciel: Partouche Poker.fr - (.Partouche.) [HKLM][64Bits] -- Partouche Poker.fr
O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM][64Bits] -- PartyPokerFr
O42 - Logiciel: Poker 770 - (...) [HKCU][64Bits] -- Poker 770
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
O42 - Logiciel: Sandboxie 3.76 (64-bit) - (.SANDBOXIE L.T.D.) [HKLM][64Bits] -- Sandboxie
O42 - Logiciel: Tixati - (...) [HKLM][64Bits] -- tixati
O42 - Logiciel: UnibetFR Poker 1.0.0 - (.Unibet.) [HKLM][64Bits] -- UnibetFR Poker_is1
O42 - Logiciel: VpnOneClick - (.VpnOneClick.) [HKCU][64Bits] -- 31dfee6c296bca85
O42 - Logiciel: Winamax Poker - (.Winamax.) [HKLM][64Bits] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O42 - Logiciel: Winamax Poker - (.Winamax.) [HKLM][64Bits] -- {4C7445F5-21FF-8D8B-B620-3A69444E3695}
~ Logic: 103 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\BitTorrent]
[HKCU\Software\ComfortSoftware]
[HKCU\Software\MediaMonkey]
[HKCU\Software\PMU]
[HKCU\Software\PTECH]
[HKCU\Software\Partouche Technologies]
[HKCU\Software\Partouche]
[HKCU\Software\PartyFrance]
[HKCU\Software\geissplugin]
[HKLM\Software\Wow6432Node\ExpressFiles]
[HKLM\Software\Wow6432Node\Partouche]
[HKLM\Software\cFos]
~ Key Software: 172 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/03/2013 - 01:59:02 - [0,003] ----D C:\Program Files (x86)\Driver Fusion
O43 - CFD: 04/03/2013 - 06:42:56 - [9,090] ----D C:\Program Files (x86)\ExpressFiles
O43 - CFD: 27/02/2013 - 03:33:12 - [2,712] ----D C:\Program Files (x86)\FreeAlarmClock
O43 - CFD: 07/03/2013 - 12:00:36 - [4,634] ----D C:\Program Files (x86)\GUM6490.tmp
O43 - CFD: 07/03/2013 - 11:36:36 - [4,634] ----D C:\Program Files (x86)\GUM698F.tmp
O43 - CFD: 19/03/2013 - 18:00:11 - [50,122] ----D C:\Program Files (x86)\MediaMonkey
O43 - CFD: 14/03/2013 - 18:34:54 - [135,426] ----D C:\Program Files (x86)\Partouche Poker.fr
O43 - CFD: 06/03/2013 - 06:27:14 - [70,517] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 07/03/2013 - 19:59:35 - [4,732] ----D C:\Program Files (x86)\Winamax Poker
O43 - CFD: 19/03/2013 - 17:59:59 - [0,535] ----D C:\ProgramData\MediaMonkey
O43 - CFD: 27/02/2013 - 15:25:39 - [0,000] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 26/02/2013 - 18:49:38 - [0,000] ----D C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
O43 - CFD: 27/02/2013 - 15:25:39 - [0,000] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 27/02/2013 - 03:30:12 - [0] -SH-D C:\Users\ThierryGr\AppData\Roaming\.#
O43 - CFD: 14/03/2013 - 17:13:29 - [0] ----D C:\Users\ThierryGr\AppData\Roaming\.Temp_Updater_Directory
O43 - CFD: 28/02/2013 - 23:18:53 - [6,178] ----D C:\Users\ThierryGr\AppData\Roaming\1
O43 - CFD: 25/03/2013 - 01:53:49 - [0,003] ----D C:\Users\ThierryGr\AppData\Roaming\adma
O43 - CFD: 18/03/2013 - 08:50:26 - [11,071] ----D C:\Users\ThierryGr\AppData\Roaming\cef-cache
O43 - CFD: 18/03/2013 - 23:24:44 - [6,178] ----D C:\Users\ThierryGr\AppData\Roaming\CharliePoker
O43 - CFD: 04/03/2013 - 06:48:10 - [0,008] ----D C:\Users\ThierryGr\AppData\Roaming\ExpressFiles
O43 - CFD: 28/03/2013 - 02:20:40 - [1,721] ----D C:\Users\ThierryGr\AppData\Roaming\MediaMonkey
O43 - CFD: 19/03/2013 - 16:00:09 - [13,624] ----D C:\Users\ThierryGr\AppData\Roaming\OpenCandy
O43 - CFD: 18/03/2013 - 08:50:13 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\PartyFrance
O43 - CFD: 28/02/2013 - 13:23:56 - [0] ----D C:\Users\ThierryGr\AppData\Roaming\PDAppFlex
O43 - CFD: 07/03/2013 - 17:20:44 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\PMU
O43 - CFD: 24/03/2013 - 09:34:18 - [0,695] ----D C:\Users\ThierryGr\AppData\Roaming\tixati
O43 - CFD: 25/03/2013 - 01:08:16 - [0,001] ----D C:\Users\ThierryGr\AppData\Local\BACS
O43 - CFD: 26/02/2013 - 22:19:00 - [0,214] ----D C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller
O43 - CFD: 19/03/2013 - 18:14:52 - [0] ----D C:\Users\ThierryGr\AppData\Local\MediaMonkey
O43 - CFD: 28/02/2013 - 01:40:33 - [0,151] ----D C:\Users\ThierryGr\AppData\Local\P5
O43 - CFD: 27/02/2013 - 18:44:18 - [0,000] ----D C:\Users\ThierryGr\AppData\Local\Partouche Technologies
O43 - CFD: 25/03/2013 - 19:19:11 - [3,255] ----D C:\Users\ThierryGr\AppData\Local\PokerStars.FR
O43 - CFD: 06/03/2013 - 06:25:48 - [0,003] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR
O43 - CFD: 04/03/2013 - 06:33:36 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
O43 - CFD: 27/02/2013 - 23:45:59 - [0,000] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VpnOneClick
~ Program Folder: 193 Legitimates Scanned in 00mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D99ECBC985B621682AEA20CE3E1620C0] - 26/03/2013 - 22:47:58 ---A- . (...) -- C:\AdwCleaner[R10].txt [1845]
O44 - LFC:[MD5.E92772058A3F40B568789D6C53FD350B] - 26/03/2013 - 19:33:57 ---A- . (...) -- C:\AdwCleaner[R9].txt [1784]
O44 - LFC:[MD5.B235883236189ECF02860EECEDF5D88A] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Adapter.) -- C:\Windows\System32\Drivers\hola_net.sys [86512]
O44 - LFC:[MD5.02B4CBF7C17A164E28173F461E16C511] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Management Driver.) -- C:\Windows\System32\Drivers\hola_drv.sys [570480]
O44 - LFC:[MD5.91855D950C56B1CF4CCA15F212ADB672] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Monitor Driver.) -- C:\Windows\System32\Drivers\hola_mon_drv.sys [86256]
O44 - LFC:[MD5.D84F5E8901FCABA3495FB3F40A4960A4] - 25/03/2013 - 05:12:17 ---A- . (...) -- C:\AdwCleaner[R8].txt [1582]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 09:56:41 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 09:56:41 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.F5C7EAE8B2247F40F7B8B600072D667B] - 22/03/2013 - 19:31:18 ---A- . (...) -- C:\AdwCleaner[R7].txt [1521]
O44 - LFC:[MD5.551B4A8BCEAE93CC5EF1B2A8653B0364] - 22/03/2013 - 18:53:36 ---A- . (...) -- C:\Windows\Sandboxie.ini [1612]
O44 - LFC:[MD5.A55BD908C70E528237D9642AE7F6A271] - 19/03/2013 - 15:33:01 ---A- . (...) -- C:\AdwCleaner[R6].txt [1388]
O44 - LFC:[MD5.3D384E18A0C7FCB605D13E1E46BF862A] - 17/03/2013 - 13:08:36 ---A- . (...) -- C:\AdwCleaner[R5].txt [1339]
O44 - LFC:[MD5.A7C6FDA563AB8295B649DD416CDF3AD6] - 15/03/2013 - 04:32:25 ---A- . (...) -- C:\AdwCleaner[R4].txt [1278]
O44 - LFC:[MD5.A41EBAA9418FBA438375380C35E59AD9] - 07/03/2013 - 10:34:52 ---A- . (...) -- C:\Windows\win.ini [419]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/03/2013 - 14:11:45 RSHAD . (...) -- C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01009.Wdf [0]
O44 - LFC:[MD5.D6FCCE1CC439D6E3238393F1E34C48D2] - 05/03/2013 - 14:44:39 ---A- . (...) -- C:\AdwCleaner[S3].txt [3857]
O44 - LFC:[MD5.B85BF5AE9DE91AFF40F072554A219650] - 05/03/2013 - 10:33:02 ---A- . (...) -- C:\AdwCleaner[R3].txt [3755]
O44 - LFC:[MD5.1EB47301104C576B7B77AC07F6982631] - 03/03/2013 - 11:09:20 ---A- . (...) -- C:\AdwCleaner[R2].txt [1146]
O44 - LFC:[MD5.99D120F8E107AD2437E75DFA0EF8B714] - 03/03/2013 - 07:50:12 ---A- . (...) -- C:\AdwCleaner[S2].txt [25989]
O44 - LFC:[MD5.C87DAD3F7B698D2865FE4154E1623459] - 03/03/2013 - 07:49:44 ---A- . (...) -- C:\AdwCleaner[R1].txt [25787]
O44 - LFC:[MD5.9A67F4489F341AFFDC92D7926A8B3299] - 03/03/2013 - 04:23:19 ---A- . (...) -- C:\AdwCleaner[S1].txt [3218]
O44 - LFC:[MD5.DD72849FE94E6F49732E1E9A6484FBAF] - 28/02/2013 - 23:50:31 ---A- . (.Microsoft - Filtre du convertisseur RDP (redirecteur).) -- C:\Windows\SysNative\DShowRdpFilter.dll [281600]
O44 - LFC:[MD5.DD72849FE94E6F49732E1E9A6484FBAF] - 28/02/2013 - 23:50:31 ---A- . (.Microsoft - Filtre du convertisseur RDP (redirecteur).) -- C:\Windows\System32\DShowRdpFilter.dll [281600]
O44 - LFC:[MD5.0A551CCDEF9D6F99A008B5B075354650] - 28/02/2013 - 23:50:04 ---A- . (.Microsoft - robocopy.) -- C:\Windows\SysNative\Robocopy.exe [128000]
O44 - LFC:[MD5.0A551CCDEF9D6F99A008B5B075354650] - 28/02/2013 - 23:50:04 ---A- . (.Microsoft - robocopy.) -- C:\Windows\System32\Robocopy.exe [128000]
O44 - LFC:[MD5.345BC7CADBE91E78B52497EF3B0D910B] - 28/02/2013 - 23:47:57 ---A- . (.Windows (R) Codename Longhorn DDK provider - Services de gestion des polices.) -- C:\Windows\SysNative\fms.dll [116224]
O44 - LFC:[MD5.345BC7CADBE91E78B52497EF3B0D910B] - 28/02/2013 - 23:47:57 ---A- . (.Windows (R) Codename Longhorn DDK provider - Services de gestion des polices.) -- C:\Windows\System32\fms.dll [116224]
O44 - LFC:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 28/02/2013 - 23:47:03 RSHAD . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 28/02/2013 - 21:19:04 ---A- . (...) -- C:\Windows\SysNative\locale.nls [420064]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 28/02/2013 - 21:19:04 ---A- . (...) -- C:\Windows\System32\locale.nls [420064]
O44 - LFC:[MD5.A2E0F1E01A0983E9C94565BBEC862BF7] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification COB-AU.) -- C:\Windows\SysNative\cob-au.rs [40960]
O44 - LFC:[MD5.A2E0F1E01A0983E9C94565BBEC862BF7] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification COB-AU.) -- C:\Windows\System32\cob-au.rs [40960]
O44 - LFC:[MD5.65A8302C7551CFE45FAA2BC085C9E7E2] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification DJCTQ.) -- C:\Windows\SysNative\djctq.rs [15360]
O44 - LFC:[MD5.65A8302C7551CFE45FAA2BC085C9E7E2] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification DJCTQ.) -- C:\Windows\System32\djctq.rs [15360]
O44 - LFC:[MD5.54B11BB2AFBC3D5EBA9C96F0C1820B9B] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification FPB.) -- C:\Windows\SysNative\fpb.rs [46592]
O44 - LFC:[MD5.54B11BB2AFBC3D5EBA9C96F0C1820B9B] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification FPB.) -- C:\Windows\System32\fpb.rs [46592]
O44 - LFC:[MD5.997938D423CE830161CB6059434E3C9F] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification OFLC-NZ.) -- C:\Windows\SysNative\oflc-nz.rs [45568]
O44 - LFC:[MD5.997938D423CE830161CB6059434E3C9F] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification OFLC-NZ.) -- C:\Windows\System32\oflc-nz.rs [45568]
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 28/02/2013 - 21:15:49 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 28/02/2013 - 21:15:30 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.018423F8F2FB945B039A16D05F3B1D50] - 19/06/2012 - 13:31:00 RSHAD . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [293889]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/11/2010 - 02:48:34 ---A- . (...) -- C:\Windows\SysNative\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/11/2010 - 02:48:34 RSHAD . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 05/11/2010 - 03:20:53 ---A- . (...) -- C:\Windows\SysNative\systemsf.ebd [347904]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 05/11/2010 - 03:20:53 RSHAD . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 05/11/2010 - 03:20:45 ---A- . (...) -- C:\Windows\SysNative\RacRules.xml [105559]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 05/11/2010 - 03:20:45 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
~ Files: 1831 Legitimates Scanned in 01mn 07s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Advanced SystemCare 6 [Key] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\MSC [Key] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O53 - SMSR:HKLM\...\startupreg\NoIE4StubProcessing [Key] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\Windows\system32\reg.exe
~ SMSR Keys: 5 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInternetOpenWith"=1
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.D5BCB77BE83CF99F508943945D46343D] - 26/03/2009 - 20:16:08 ---A- . (.Dritek System Inc. - Dritek 64-bit PS/2 Keyboard Filter Driver.) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys [25608]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 25/03/2013 - C:\Windows\System32\DRIVERS\hola_drv.sys (hola-drv) .(.Hola Networks Ltd. - Hola Network Management Driver.) - LEGACY_HOLA-DRV
O64 - Services: CurCS - 25/03/2013 - C:\Windows\System32\DRIVERS\hola_mon_drv.sys (hola-mon-drv) .(.Hola Networks Ltd. - Hola Network Monitor Driver.) - LEGACY_HOLA-MON-DRV
O64 - Services: CurCS - 16/12/2012 - C:\Program Files\Sandboxie\SbieDrv.sys (SbieDrv) .(.SANDBOXIE L.T.D - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV
~ Legacy: 82 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136]
[MD5.0E0045E0BE24AADE596C83E52D58F683] [SPRF][29/03/2013] (...) -- C:\Users\ThierryGr\AppData\Local\Temp\~gu-ver.dat [116]
[MD5.E12994628BCFA505B4C21EFFF18F1FCB] [SPRF][18/03/2013] (.France Telecom - DSLtest.) -- C:\Users\ThierryGr\Desktop\DSLtest2105.exe [1551872]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{42F0998B-EDE0-4932-B35A-64B8E6FF4BFB}" | In - None - P6 - TRUE | .(.Acer Incorporated - Acer Arcade Deluxe.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
O87 - FAEL: "{FAFA97D6-AD3A-4AD6-BC93-3C1777A6BE8A}" | In - None - P6 - TRUE | .(.Acer Corp. - Acer Arcade Deluxe PlayMovie.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
O87 - FAEL: "{012851C1-A837-4E95-8930-94B3EF610700}" | In - None - P6 - TRUE | .(.Acer Corp. - Acer Arcade Deluxe PlayMovie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
O87 - FAEL: "{F225FA05-9897-4EF1-9C2E-1CB07862F482}" | In - None - P6 - TRUE | .(.Acer Incorporated - Acer HomeMedia.) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
O87 - FAEL: "TCP Query User{64E5982C-C5DD-4F17-B97B-CCA46632B38E}C:\program files\tixati\tixati.exe" | In - Private - P6 - TRUE | .(.Tixati Software Inc. - Tixati.) -- C:\program files\tixati\tixati.exe
O87 - FAEL: "UDP Query User{7D23861D-D432-4D0B-B921-32F4ED670AED}C:\program files\tixati\tixati.exe" | In - Private - P17 - TRUE | .(.Tixati Software Inc. - Tixati.) -- C:\program files\tixati\tixati.exe
O87 - FAEL: "{0014639D-70DF-4658-8876-E27E70AF36D3}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe
O87 - FAEL: "{3123EA61-96B9-42EF-80A5-EDC51818EAED}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe
O87 - FAEL: "{F5F585D8-8AD5-4AE7-8E79-140213B5816F}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
O87 - FAEL: "{49C27F38-BE4C-4EA6-9CD5-D34BF469CE6A}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
O87 - FAEL: "{6FC0CAE8-58FD-4BEE-916E-FFE6D6E5934E}" | In - Private - P6 - TRUE | .(.Hola Networks Ltd. - Hola Service.) -- C:\Program Files\Hola\app\hola_svc.exe
O87 - FAEL: "{2A28CE90-183F-454B-9C23-6FA07687439C}" | In - Private - P17 - TRUE | .(.Hola Networks Ltd. - Hola Service.) -- C:\Program Files\Hola\app\hola_svc.exe
~ Firewall: 151 Legitimates Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11334 - (28/03/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
C:\Users\ThierryGr\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
~ Additionnel: Scanned in 00mn 14s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico
~ Update Products: 82 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 15/01/2013 465216 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
SS - | Disabled 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Disabled 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 02/08/2012 204288 | (BrcmMgmtAgent) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
SS - | Disabled 05/08/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SS - | Disabled 26/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 26/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 26/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 25/03/2013 5309552 | (hola_svc) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_svc.exe
SS - | Disabled 25/03/2013 5309552 | (hola_updater) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_updater.exe
SS - | Disabled 11/12/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/08/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Disabled 21/08/2009 62720 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SS - | Disabled 18/06/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SS - | Disabled 18/06/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SS - | Disabled 16/12/2012 123664 | (SbieSvc) . (.SANDBOXIE L.T.D.) - C:\Program Files\Sandboxie\SbieSvc.exe
SS - | Disabled 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



End of the scan (647 lines in 02mn 30s)(0)

6 réponses

Messages postés
17499
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
26 novembre 2019
1 297
Bonsoir,
Télécharge AdwCleaner (merci à Xplode)

Lance AdwCleaner

Clique sur le bouton [ Suppression ]

Patiente...

Poste le rapport qui apparait en fin de recherche.

(Le rapport est sauvegardé aussi sous C:\ AdwCleaner[SX].Txt)
Messages postés
545
Date d'inscription
dimanche 3 février 2008
Statut
Membre
Dernière intervention
6 octobre 2017
49
j ai déjà ce logiciel , je l ai executer et il n a rien trouvé
Messages postés
17499
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
26 novembre 2019
1 297
Bonjour,

Poste alors le rapport stp
Messages postés
545
Date d'inscription
dimanche 3 février 2008
Statut
Membre
Dernière intervention
6 octobre 2017
49
# AdwCleaner v2.115 - Rapport créé le 30/03/2013 à 12:58:00
# Mis à jour le 17/03/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : ThierryGr - PC-THIERRYGR
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\ThierryGr\Desktop\Sécurité\AdwCleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v25.0.1364.172

Fichier : C:\Users\ThierryGr\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.
Messages postés
17499
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
26 novembre 2019
1 297
1/
Désinstalle le logiciel: Poker 770

2/
=> Copie tout le texte présent en gras ci-dessous (Sélectionne-le, clique droit dessus et choisis "Copier").




[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
O42 - Logiciel: Poker 770 - (...) [HKCU][64Bits] -- Poker 770
O43 - CFD: 19/03/2013 - 16:00:09 - [13,624] ----D C:\Users\ThierryGr\AppData\Roaming\OpenCandy
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] => Infection PUP (Adware.IMBooster)
[HKCU\Software\PartyFrance] => Casino.OnlineGames
[HKCU\Software\poker 770] => Infection BT (Adware.Casino)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
C:\Users\ThierryGr\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)
C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico => Infection PUP (Adware.IMBooster)
O4 - GS\Programs: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe





=> Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.

(Sous Vista/Win7, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur)

=> Une fois ZHPFix ouvert, clique sur le bouton "Coller le presse-papier".

=> Dans l'encadré principal, tu verras donc les lignes que tu as copié précédemment apparaître. Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

=> Clique sur "GO" pour lancer le nettoyage. Laisse l'outil travailler et ne touche à rien.

=> Une fois terminé, copie-colle le rapport dans ton prochain message.

=========================================

Aide : <<< ZHPFix ICI >>>

3/
/!\ ATTENTION : cette analyse peut durer quelques heures /!\

* Télécharge MBAM et installe le selon l'emplacement par défaut

http://www.malwarebytes.org/mwb-download.php

* Installe-le puis configure-le comme indiqué : <<< ICI >>>

* si tu n'as rien modifié fais directement quitter sinon enregistrer

* Lance Malwarebytes' Anti-Malware

=================================

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

==> Ce logiciel gratuit est à garder.

=================================

* Fais la mise à jour

* Clique dans l'onglet "Recherche"

* Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"

* Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"

A la fin de l'analyse, si MBAM n'a rien trouvé :

* Clique sur OK, le rapport s'ouvre spontanément

Si des menaces ont été détectées :

* Clique sur OK puis "Afficher les résultats"

*Vérifie que toutes les lignes sont cochées

* Choisis l'option "Supprimer la sélection"

* Si MBAM demande le redémarrage de Windows : Clique sur "Oui"

* Le rapport s'ouvre automatiquement après la suppression, il se trouve aussi dans l'onglet "Rapports/Logs"

* Copie/colle le rapport dans le prochain message

Remarque :

- S'il y'a un problème de mise à jour de mbam, tu peux la faire manuellement en téléchargeant ce fichier puis en l'exécutant.
Messages postés
545
Date d'inscription
dimanche 3 février 2008
Statut
Membre
Dernière intervention
6 octobre 2017
49
merci de ta réponse , mais pourquoi desinstaller poker 770 ? c'est un logiciel de poker avec lequel je joue
Fish66
Messages postés
17499
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
26 novembre 2019
1 297
Je te conseille de le désinstaller, c'est une arnaque et il provoque des problèmes de ralentissement,..
Tu peux lire : ce sujet