Malwarebytes and ZHPDiag reports

Closed
vreilranoemie - 30 Jan 2014 at 14:40
Fish66, 17505 posts, registered Sunday 24 July 2011, status: security contributor, last activity 16 June 2021 - 9 Feb 2014 at 12:03
Hello,

First of all, I should point out that the Malwarebytes scan did run, except that while it was deleting the malicious files it had found, the program stopped responding and I had to restart my PC. Once restarted, the same problem persisted... is this a problem?

Nevertheless, I managed to retrieve the Malwarebytes and ZHPDiag reports (below); what do you advise, please?

1) MALWAREBYTES REPORT:

2014/01/30 12:15:45 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Starting protection
2014/01/30 12:15:45 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Protection started successfully
2014/01/30 12:15:45 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Starting IP protection
2014/01/30 12:16:23 +0100 PC-DE-RAKOTO RAKOTO MESSAGE IP Protection started successfully
2014/01/30 12:16:31 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Starting database refresh
2014/01/30 12:16:31 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Stopping IP protection
2014/01/30 12:16:33 +0100 PC-DE-RAKOTO RAKOTO MESSAGE IP Protection stopped successfully
2014/01/30 12:16:38 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Database refreshed successfully
2014/01/30 12:16:38 +0100 PC-DE-RAKOTO RAKOTO MESSAGE Starting IP protection
2014/01/30 12:16:50 +0100 PC-DE-RAKOTO RAKOTO MESSAGE IP Protection started successfully
2014/01/30 13:17:29 +0100 PC-DE-RAKOTO (null) MESSAGE Starting protection
2014/01/30 13:17:29 +0100 PC-DE-RAKOTO (null) MESSAGE Protection started successfully
2014/01/30 13:17:29 +0100 PC-DE-RAKOTO (null) MESSAGE Starting IP protection
2014/01/30 13:17:37 +0100 PC-DE-RAKOTO (null) MESSAGE IP Protection started successfully


2) ZHPDIAG REPORT:

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par RAKOTO (30/01/2014 14:01:57)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8QXTR
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1466.0
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10

---\\ Logiciels d'optimisation du système
CCleaner v3.16 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX
Adobe Reader 9 - Français

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2813 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (0%) free of 143 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-RAKOTO
~ User Name: RAKOTO
~ All Users Names: UpdatusUser, RAKOTO, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\RAKOTO\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\RAKOTO\AppData\Roaming\
~ %Desktop% : C:\Users\RAKOTO\Desktop\
~ %Favorites% : C:\Users\RAKOTO\Favorites\
~ %LocalAppData% : C:\Users\RAKOTO\AppData\Local\
~ %StartMenu% : C:\Users\RAKOTO\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 143 Go)
D: Hard drive, Flash drive, Thumb drive (Free 144 Go of 145 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 6 Go)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.4CC9DF09C3D915BA0A101A11DB684F26] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/11/2013 - 23:42:41.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/316
~ Mes musiques (My Musics) : 1/312
~ Mes Videos (My Videos) : 1/2
~ Mes Documents (My Documents) : 1/1030
~ Mon Bureau (My Desktop) : 1/5435
~ Menu demarrer (Programs) : 1/62
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2148]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3272]
[MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.3720]
[MD5.8419248D3F16873230A82D55053445E5] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6144000] [PID.3240]
[MD5.693580DFFC1949FD5FDAF39D181521B1] - (.Team H2O - Team H2O CLEDX.) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe [200069] [PID.156]
[MD5.AF409A10409440972E78BDB1BAF02A3D] - (.Pas de propriétaire - Wireless net configuration UI.) -- C:\Program Files\Sweex\LW153\UI.exe [1183744] [PID.2148]
[MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4282728] [PID.3868]
[MD5.270B6BFFDE7A8199DFEB9735BBB1918F] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968] [PID.2764]
[MD5.28EB3329341AE1260083A372477A9622] - (.Spotify Ltd - Spotify.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\spotify.exe [6118400] [PID.296]
[MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [273296] [PID.3344]
[MD5.CC5281D750AE952A5E3ACCA451C77653] - (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe [1945128] [PID.1268] =>PUP.MyPCBackup
[MD5.5C3A2B6200D29878A268017ADCDA5AE7] - (...) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [603648] [PID.5436]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4356]
[MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.5576]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.4524]
[MD5.31B8835B003CAA6D31BEAD83DDBF98E5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\Windows\system32\nvvsvc.exe [634656] [PID.972]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1380]
[MD5.1ED58DA041A992EEEC934290508B6B71] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865056] [PID.1496]
[MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808] [PID.1868]
[MD5.2E3E53A6AEF23E24F402C7855B9B1542] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144176] [PID.776]
[MD5.17023C57A820B5CD411B90C1C772E030] - (.Just Develop It - Backup Stack.) -- C:\Program Files\MyPC Backup\BackupStack.exe [32808] [PID.992] =>PUP.MyPCBackup
[MD5.5AB58C337AC65837FE404462AD6265AB] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376] [PID.1220]
[MD5.4D06D9A26227AC485305133916888DF1] - (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576] [PID.1520]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.224]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2132]
[MD5.06A49B7BDC36CFBF97DD90804F833369] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.2332]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.4052]
[MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.5628]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.5792]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\RAKOTO\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.certified-toolbar.com =>PUP.CertifiedToolbar
G0 - GCSP: Preference [User Data\Default][HomePage] about:newtab?source=home
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.5.2 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [npgpgjiajblpbldjkelafjjhfjcddlba] HomeTab v.5.6, (Activé) =>PUP.CertifiedToolbar
~ Google Browser: 12 Legitimates Filtered in 00mn 47s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\user.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\user.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_363969\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_395134\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_396583\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_493975\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_543699\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_605140\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667447\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_711406\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_76029\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_777407\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_809658\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_83090\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_863789\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_926804\prefs.js
C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_976040\prefs.js
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\searchplugins\conduit.xml
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_363969\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_395134\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_396583\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_493975\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_543699\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_605140\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_667447\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_711406\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_76029\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_777407\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_809658\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_83090\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_863789\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_926804\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_976040\searchplugins\Web Search.xml =>Parasite.Pugi
M3 - MFPP: Plugins - [RAKOTO] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [RAKOTO] -- C:\Program Files\Mozilla FireFox\searchplugins\Web Search.xml =>Parasite.Pugi
M2 - MFEP: prefs.js [RAKOTO - 1uhg3era.default\***@***] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [RAKOTO - 1uhg3era.default\{65093ada-5318-4c6c-8e13-43cf81c389e8}] [] Yahoo Community Smartbar v1.2.1 (..) =>Hijacker.SmartBar
M2 - MFEP: prefs.js [RAKOTO - 1uhg3era.default\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [] DVDVideoSoftTB Community Toolbar v3.21.0.1 (..)
M2 - MFEP: prefs.js [RAKOTO - 1uhg3era.default\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - 1uhg3era.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}] [] DealPly v2.0 (..) =>PUP.DealPly
M2 - MFEP: prefs.js [RAKOTO - Solo_211644\***@***] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [RAKOTO - Solo_211644\{65093ada-5318-4c6c-8e13-43cf81c389e8}] [] Yahoo Community Smartbar v1.2.1 (..) =>Hijacker.SmartBar
M2 - MFEP: prefs.js [RAKOTO - Solo_211644\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [] DVDVideoSoftTB Community Toolbar v3.20.0.3 (..)
M2 - MFEP: prefs.js [RAKOTO - Solo_211644\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_211644\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}] [] DealPly v2.0 (..) =>PUP.DealPly
M2 - MFEP: prefs.js [RAKOTO - Solo_363969\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_395134\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_396583\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_493975\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_543699\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_605140\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_667447\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_711406\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_76029\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_777407\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_809658\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_83090\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_863789\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_926804\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
M2 - MFEP: prefs.js [RAKOTO - Solo_976040\{9c72a7f0-9ced-4876-80b8-2cebdc068f07}] [] HomeTab v5.6 (..) =>PUP.CertifiedToolbar
~ Firefox Browser: 365 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56847 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 43



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Users\RAKOTO\AppData\Roaming\Complitly\Complitly.dll =>Adware.PredictAd
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Yahoo Community Smartbar (by Linkury) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>Hijacker.SmartBar
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (...) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (.not file.) =>PUP.AdvancedSystemProtector
O4 - GS\Desktop [Public]: Free mp3 Wma Converter.lnk . (...) -- C:\Users\RAKOTO\Downloads\FreeMp3WmaConverterSetup-r0-n-bf.exe (.not file.)
O4 - GS\Desktop [Public]: Freemake Audio Converter.lnk . (.Freemake - Freemake Audio Converter.) -- C:\Program Files\Freemake\Freemake Audio Converter\FreemakeAudioConverter.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Launch iStream.exe.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{F7CAF5FC-BB46-4F80-BC70-7EB1E67AD7D0}\iStream.exe1_4B9C550B587B4A408026108D76FB32C2.exe
O4 - GS\Desktop [Public]: Launch JSC.exe.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{F7CAF5FC-BB46-4F80-BC70-7EB1E67AD7D0}\JSC.exe1_97465CA95D5F44478F8AA6FBA3EAD33D.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Sweex Wireless LAN.lnk . (...) -- C:\Program Files\Sweex\LW153\UI.exe
O4 - GS\Desktop [Public]: Virtual CloneDrive.lnk . (.Elaborate Bytes AG - VirtualCloneDrive Preferences.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe
O4 - GS\Desktop [Public]: X-Lite 4.lnk . (.CounterPath - X-Lite 4.) -- C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: OfferBox.lnk . (...) -- C:\Program Files\OfferBox\OfferBox.exe (.not file.) =>PUP.OfferBox
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [RAKOTO]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [RAKOTO]: Internet - Raccourci.lnk - Clé orpheline
O4 - GS\QuickLaunch [RAKOTO]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [RAKOTO]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [RAKOTO]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [RAKOTO]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [RAKOTO]: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:\ProgramData\Easybits GO\EasyBitsGO.exe =>.EasyBits Software AS
O4 - GS\Program [RAKOTO]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [RAKOTO]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [RAKOTO]: ASIO4ALL v2 Instruction Manual.lnk . (...) -- C:\Program Files\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf
O4 - GS\Desktop [RAKOTO]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [RAKOTO]: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files\VirtualDJ\virtualdj_home.exe
~ Global Startup: 94 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - GS\Startup [RAKOTO]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [eRecoveryService] Clé orpheline
O4 - HKLM\..\Run: [LanguageShortcut] . (.Pas de propriétaire - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WarReg_PopUp] . (.eMachines - WR_PopUp.) -- C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [H2O] . (.Team H2O - Team H2O CLEDX.) -- C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SWEEX Utilty] . (.Pas de propriétaire - Wireless net configuration UI.) -- C:\Program Files\Sweex\LW153\UI.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (.not file.) =>PUP.SweetIM
O4 - HKLM\..\Run: [offerbox] C:\Program Files\OfferBox\OfferBox.exe (.not file.) =>PUP.OfferBox
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [X-Lite 4] . (.CounterPath - X-Lite 4.) -- C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\RAKOTO\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [X-Lite 4] . (.CounterPath - X-Lite 4.) -- C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\RAKOTO\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-3599547332-3928998950-2471930844-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\RAKOTO\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38947E4-A2A7-40BA-B57C-9BC41B63B78D}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{450AD1AE-1572-43A9-8972-2E416609ED5F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E38947E4-A2A7-40BA-B57C-9BC41B63B78D}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{450AD1AE-1572-43A9-8972-2E416609ED5F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E38947E4-A2A7-40BA-B57C-9BC41B63B78D}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{E38947E4-A2A7-40BA-B57C-9BC41B63B78D}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
~ Services: 11 Legitimates Filtered in 00mn 10s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files\RegClean Pro\SystweakASP.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector_startup] (...) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\RAKOTO\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{62E95D01-0D51-46F4-80E0-177EAB1B9265}] (...) -- C:\Users\RAKOTO\Desktop\7z465.exe (.not file.) [0]
[MD5.396740474AD80B8B17C2339BEA3A2D1C] [APT] [Protected Search] (...) -- C:\Program Files\HomeTab\ProtectedSearch.exe [89160] =>PUP.CertifiedToolbar
[MD5.69DDDDF1A9E46CF47CABD3962F6441DF] [APT] [SystemSockets] (...) -- C:\Program Files\HomeTab\SystemSockets.exe [36936] =>PUP.CertifiedToolbar
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Complitly - (.Complitly.) [HKLM] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1 =>Adware.PredictAd
O42 - Logiciel: DealPly - (.DealPly.) [HKLM] -- DealPly =>PUP.DealPly
O42 - Logiciel: JSC HD - (.Nom de votre société.) [HKLM] -- {F7CAF5FC-BB46-4F80-BC70-7EB1E67AD7D0}
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: SweetIM for Messenger 3.6 - (.SweetIM Technologies Ltd..) [HKLM] -- {B85C4CB2-B352-4BD8-818C-BCE353599107} =>PUP.SweetIM
O42 - Logiciel: Yahoo Community Smartbar - (.Linkury Inc..) [HKLM] -- {9E105931-898D-457E-B175-7F422AA0A5E3} =>Hijacker.SmartBar
O42 - Logiciel: Yahoo Community Smartbar Engine - (.Linkury Inc..) [HKCU] -- {791fe6da-a582-4142-897a-d163eb45be23} =>Hijacker.SmartBar
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b558ddae569e445]
[HKCU\Software\APN PIP]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Complitly] =>Adware.PredictAd
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Delta]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\5b558ddae569e445]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\PIP]
[HKLM\Software\SimplyGen] =>Adware.PredictAd
~ Key Software: 321 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/01/2014 - 13:13:26 - [0] ----D C:\Program Files\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 08/08/2013 - 13:51:18 - [0] ----D C:\Program Files\Delta
O43 - CFD: 30/01/2014 - 13:13:26 - [0,416] ----D C:\Program Files\HomeTab =>PUP.CertifiedToolbar
O43 - CFD: 21/02/2012 - 18:45:36 - [0,350] ----D C:\Program Files\JSC Sport
O43 - CFD: 09/08/2013 - 21:31:22 - [28,359] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 08/08/2013 - 13:54:07 - [0,070] ----D C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 08/08/2013 - 13:50:34 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 30/01/2014 - 13:43:51 - [0] ----D C:\ProgramData\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 07/01/2014 - 18:47:12 - [0,071] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 16/07/2009 - 18:54:25 - [1,294] ----D C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
O43 - CFD: 12/08/2013 - 09:06:17 - [0] ----D C:\ProgramData\?2?2-1533-40C5-AD09-953C574F14BCÄ2?2
O43 - CFD: 09/08/2013 - 21:37:40 - [0] ----D C:\ProgramData\?@?@-1533-40C5-AD09-953C574F14BCÄ@?@
O43 - CFD: 04/09/2013 - 08:26:01 - [0] ----D C:\ProgramData\?E?E-1533-40C5-AD09-953C574F14BCÄE?E
O43 - CFD: 02/09/2013 - 08:20:37 - [0] ----D C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è
O43 - CFD: 01/09/2013 - 18:34:55 - [0] ----D C:\ProgramData\?î?î-1533-40C5-AD09-953C574F14BCÄî?î
O43 - CFD: 11/08/2013 - 12:08:25 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 12/08/2013 - 09:28:49 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 12/08/2013 - 16:45:58 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 02/09/2013 - 16:30:36 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 10/08/2013 - 08:41:50 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 09/08/2013 - 21:30:54 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 15/08/2013 - 11:27:30 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 14/08/2013 - 12:55:58 - [0] ----D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
O43 - CFD: 08/08/2013 - 13:51:05 - [0,974] ----D C:\Users\RAKOTO\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 08/08/2013 - 13:50:34 - [0,003] ----D C:\Users\RAKOTO\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 30/01/2014 - 13:13:26 - [0,467] ----D C:\Users\RAKOTO\AppData\Roaming\Complitly =>Adware.PredictAd
O43 - CFD: 07/02/2013 - 18:38:37 - [0] ----D C:\Users\RAKOTO\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 30/01/2014 - 13:13:26 - [0] ----D C:\Users\RAKOTO\AppData\Roaming\Delta
O43 - CFD: 30/01/2014 - 13:13:26 - [0] ----D C:\Users\RAKOTO\AppData\Roaming\HomeTab =>PUP.CertifiedToolbar
O43 - CFD: 06/07/2012 - 11:15:55 - [0,440] ----D C:\Users\RAKOTO\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 16/02/2013 - 20:31:31 - [0] ----D C:\Users\RAKOTO\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 02/07/2013 - 11:02:24 - [0] ----D C:\Users\RAKOTO\AppData\Local\Smartbar =>Hijacker.SmartBar
O43 - CFD: 08/08/2013 - 13:51:35 - [0,001] ----D C:\Users\RAKOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 08/08/2013 - 13:54:30 - [0,002] ----D C:\Users\RAKOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
~ 1191 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1478 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/01/2014 - 13:17:23 ---A- . (...) -- C:\Windows\System32\LogConfigTemp.xml [0]
~ Files: 4 Legitimates Filtered in 00mn 08s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{8e2c3c7b-72ee-11de-8b96-001d72b620af}\AutoRun\command. (...) -- E:\Launcher.exe (.not file.)
O51 - MPSK:{9456c12c-d8df-11df-a982-001d72b620af}\AutoRun\command. (...) -- C:\Windows\system32\Start.exe (.not file.)
O51 - MPSK:{ef63a935-76bb-11dc-8982-806e6f6e6963}\AutoRun\command. (.Valve Corporation - Steam Autorun Setup.) -- F:\SETUP.exe
~ Keys: Scanned in 00mn 01s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (...) -- C:\Program Files\Skype\Phone\Skype.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe (.not file.)
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.B53F9635457B56DCFFEF750E18AEC6CB] - 09/05/2005 - 20:08:40 ---A- . (.Team H2O - Team H2O CLEDX DevWhore.) -- C:\Windows\System32\Drivers\cledx.sys [33792]
O58 - SDL:[MD5.687AF6BB383885FF6A64071B189A7F3E] - 16/02/2013 - 20:31:33 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [242240]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.4B4A21E158C039EE0888741BFE1D24E0] - 09/04/2001 - 14:03:56 ---A- . (.Syncrosoft Hard- und Software GmbH - Internet Protection Hardware Driver.) -- C:\Windows\System32\Drivers\NSynas32.sys [17784]
O58 - SDL:[MD5.85557234B421D99C87D46E57248793F0] - 25/11/2002 - 14:46:16 ---A- . (.Syncrosoft GmbH - SynasUSB.sys.) -- C:\Windows\System32\Drivers\synasUSB.sys [16896]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.4B8A9C16B6D9258ED99C512AECB8C555] - 19/04/2010 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\1uhg3era.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2269050&SearchSource=13,http://search.condui[...]
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search,DVDVideoSoftTB Customized Web Search,DVDVide[...]
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.EngineOwner", "");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 21:55:46 GMT+0200");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 30 2011 11:27:35 GMT+0200");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.locale", "en");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 30 2011 10:50:24 GMT+0200");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.showTrayIcon", false);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("CommunityToolbar.alert.userId", "{e65a2ee2-d31b-4e0e-80dc-1e0c2f3b1543}");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.order.1", "Web Search");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("browser.search.selectedEngine", "Web Search");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111804&tt=010712_4"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.hardId", "0cc3ae8400000000000000160a182bdd"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.id", "0cc3ae8400000000000000160a182bdd"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15527"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:15:58"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.id", "0cc3ae8400000000000000160a182bdd");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.instlDay", "15925");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.vrsn", "1.8.22.0");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.vrsnTs", "1.8.22.014:51:19");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta.vrsni", "1.8.22.0");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta_i.babTrack", "affID=119293&tt=070813_wt3&tsp=4968");
O69 - SBI: prefs.js [RAKOTO - 1uhg3era.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: C:\Users\RAKOTO\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_211644\searchplugins\conduit.xml
O69 - SBI: prefs.js [RAKOTO - Solo_211644] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2269050&SearchSource=13,http://search.condui[...]
O69 - SBI: prefs.js [RAKOTO - Solo_211644] user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search,DVDVideoSoftTB Customized Web Search,DVDVide[...]
O69 - SBI: prefs.js [RAKOTO -
7 replies

Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
Edited by Fish66 on 30/01/2014 at 14:47
Hi,
1/
The report is incomplete; please host it on FEC Upload or malekal.com.
You can do this in the meantime:
2/
Download AdwCleaner (thanks to Xplode)
Launch AdwCleaner
Click Scan, then Clean, and wait while the cleaning runs.
Post the report that appears at the end of the scan.
(The report is also saved under C:\AdwCleaner\AdwCleaner[x].txt)
----------------------------
To avoid getting ads and toolbars, you can read <<< this >>>

3/
Download Junkware Removal Tool from this link: https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/

!!! Do not click Download !!! Just wait for the download window to appear for confirmation.

* Save this file to the desktop.

* Close all your browsers.

On XP, double-click the icon and press a key when prompted.
On Vista/7/8, right-click and Run as administrator.

* NB: The desktop will disappear for a moment; this is normal.

* Let the program work and do not touch anything.

* Post the report generated at the end of the scan.

Tutorial: http://hackinginterdit.blogspot.fr/2013/02/junkware-removal-tool.html

@+

¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
Hello again,


Here are the MalwareBytes, ZHPDiag, AdwCleaner and Junkware Removal Tool reports (below). What do you advise, please?

Thanks in advance!

1) MALWAREBYTES REPORT:

https://forums-fec.be/upload/www/?a=d&i=7520350920

2) ZHPDiag REPORT:

https://forums-fec.be/upload/www/?a=d&i=4588305717

3) AdwCleaner REPORT:

https://forums-fec.be/upload/www/?a=d&i=9818594526

4) Junkware Removal Tool REPORT:

https://forums-fec.be/upload/www/?a=d&i=3330880309
0
Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
5 Feb. 2014 at 20:14
Good evening,
The AdwCleaner report is in scan mode! :-)
Relaunch AdwCleaner, choose "Clean", then post the report please.
Have a good evening
0
Hello,

Here is the AdwCleaner report:

https://forums-fec.be/upload/www/?a=d&i=2799692004

Thanks in advance!

Have a good day :)
0

Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
7 Feb. 2014 at 18:58
Good evening,
1/
The AdwCleaner report is incomplete; can you send
the full report?

2/
Launch ZHPDiag from the desktop

Then tick everything with the screwdriver (help here), run the analysis, close it and host the report. Paste the link in your next reply.

Have a good evening
0
Good evening,

First of all, when I run a scan with MalwareBytes, the scan itself completes fine, but when it deletes the malicious files it found, the software stops responding and I am forced to quit it. Is this a problem?

Here is the ZHPDiag report (everything ticked with the screwdriver):

https://forums-fec.be/upload/www/?a=d&i=2202565049

Here is the ADWCleaner report:

https://forums-fec.be/upload/www/?a=d&i=7374177895


Thanks in advance!

Have a good evening
0
Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last intervention 16 June 2021 1 318
9 Feb. 2014 at 12:03
Hello,
1/
on 06/10/2012 by Xplode
Remove your version of ADWCleaner (it is not up to date).
Download the latest version, then post the cleaning report please.

2/
* Download RogueKiller (by tigzy) to the desktop
https://www.luanagames.com/index.fr.html

* (On Vista/Seven, right-click, run as administrator)
* Quit all your running programs
* Launch RogueKiller.exe

If the infection blocks the program, relaunch it several times or rename it to winlogon.exe

* Let the prescan finish, then click Scan

* Click Report to open it, then copy/paste it into your next message

@+

0