Freesofttoday

Solved/Closed
ti titi - 18 April 2014 at 17:24
Malekal_morte - Posts: 180304, Registered: Wednesday 17 May 2006, Status: Moderator, Security contributor, Last active: 15 December 2020 - 18 April 2014 at 23:21
Hello everyone, after searching for a DLL and installing it, I've ended up with this "dear" freesofttoday on the PC and can't remove it (I ran the uninstall, but on the programs screen about half of my installed programs now seem to be missing).

If someone could give me a hand, I'd really appreciate it, I admit.

Attached is the ZHPDIAG report:

~ Rapport de ZHPDiag v2014.4.18.33 - Nicolas Coolman (18/04/2014)
~ Lancé par user (18/04/2014 10:43:05)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8075 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 40 GB (35%) free of 112 GB

---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, UpdatusUser, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 40 Go of 112 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 216 Go of 699 Go)
F: CD-ROM drive (Free 0 Go of 2 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/48
~ Mes Documents (My Documents) : 2/312
~ Mon Bureau (My Desktop) : 1/26
~ Menu demarrer (Programs) : 1/6
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.2ABAD4BFC7A1CACF84466323E65B8F4B] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328] [PID.3328]
[MD5.E965B5D231E1F8A7324479913F85DD4B] - (...) -- C:\Users\user\AppData\Local\fst_fr_156\upfst_fr_156.exe [3267536] [PID.3364] =>PUA.FSTfr9
[MD5.92240CD724D8044D11EE2B625800D54B] - (.Smartbar - Smartbar.) -- C:\Users\user\AppData\Local\Smartbar\Application\Smartbar.exe [21536] [PID.3752] =>Hijacker.SmartBar
[MD5.0F2644DAA234BAF4E20B80196C23364C] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205624] [PID.4084]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.3880]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3928]
[MD5.F41F7FD3BA9A1535AF8D4CEF5EF5B899] - (...) -- C:\Program Files (x86)\fst_fr_156\fst_fr_156.exe [3982800] [PID.3364] =>PUA.FSTfr9
[MD5.F0B44103F4233C17F05F498298ABE6B3] - (.Pas de propriétaire - Lrcnta.) -- C:\Users\user\AppData\Local\Smartbar\Application\Lrcnta.exe [12832] [PID.4252] =>Hijacker.SmartBar
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5596]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3924]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.880]
[MD5.161233DC79656145086BDBD6918A08D4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8216576] [PID.5728]
[MD5.DC2BA6926FA0CDCE273CC9897F05584A] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [107320] [PID.1360]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1420]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1448]
[MD5.CF060ECF514B1B71488843D46460F4F0] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [303928] [PID.1788]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.1948]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1992]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.1064]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2032]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.2144]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8vd6zyqh.default\prefs.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8vd6zyqh.default\searchplugins\Web Search.xml =>Parasite.Pugi
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
O3 - Toolbar: Shopping Helper Smartbar - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>Hijacker.SmartBar
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Age of Mythology - The Titans Expansion.lnk . (.Ensemble Studios - Age of Mythology - The Titans Expansion.) -- E:\Install\Age Of Mythology\aomx.exe
O4 - GS\Desktop [Public]: Age of Mythology.lnk . (.Ensemble Studios - Age of Mythology.) -- E:\Install\Age Of Mythology\aom.exe
O4 - GS\Desktop [Public]: AudioWizard.lnk . (...) -- C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PS3 Media Server.lnk . (.PS3 Media Server - PS3 Media Server.) -- E:\Install\PS3 Media Server\pms.exe
O4 - GS\Desktop [Public]: Total War ROME II.lnk . (.The Creative Assembly Ltd - Total War: Rome II.) -- E:\Install\Total War - Rome II Caesar in Gaul\Total War ROME II\Rome2.exe
O4 - GS\Program [Public]: AudioWizard.lnk . (...) -- C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Total War ROME II.lnk . (.The Creative Assembly Ltd - Total War: Rome II.) -- E:\Install\Total War - Rome II Caesar in Gaul\Total War ROME II\Rome2.exe
O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [user]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [user]: age2_x2.lnk . (.Microsoft Corporation - Age of Empires II Expansion.) -- E:\Install\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
O4 - GS\Desktop [user]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [user]: Call of Duty Ghosts.lnk . (.Activision - Call of Duty: Ghosts.) -- E:\Install\Call of Duty Ghosts\iw6sp64_ship.exe
O4 - GS\Desktop [user]: Play Star Wars Galactic Battlegrounds - Clone Campaigns.lnk . (...) -- E:\Install\LucasArts\Star Wars Galactic Battlegrounds\Clone Campaigns\CloneCampaigns.exe
O4 - GS\Desktop [user]: Play Star Wars Galactic Battlegrounds.lnk . (...) -- E:\Install\LucasArts\Star Wars Galactic Battlegrounds\swgbg.exe
O4 - GS\Desktop [user]: Start Unlocker.lnk . (...) -- E:\Install\Unlocker\Unlocker.exe
~ Global Startup: 75 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\Install\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\user\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_156] . (...) -- C:\Program Files (x86)\fst_fr_156\fst_fr_156.exe =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\RunOnce: [upfst_fr_156.exe] . (...) -- C:\Users\user\AppData\Local\fst_fr_156\upfst_fr_156.exe =>PUA.FSTfr9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-566187485-2188778428-363198614-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\Install\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-566187485-2188778428-363198614-1000\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\user\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67A57AA7-14B0-4CC7-BF6E-57477936C6FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67A57AA7-14B0-4CC7-BF6E-57477936C6FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67A57AA7-14B0-4CC7-BF6E-57477936C6FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKCU\Software\Tutorials] =>AgenceExclusive
[HKLM\Software\WanDrv]
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 145 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/04/2014 - 10:12:59 - [] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 18/04/2014 - 10:02:30 - [] ----D C:\Program Files (x86)\fst_fr_156 =>PUA.FSTfr9
O43 - CFD: 06/02/2014 - 01:49:42 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 07/02/2014 - 01:30:35 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 06/02/2014 - 01:49:25 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 06/02/2014 - 01:49:58 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 07/02/2014 - 01:30:35 - [] ----D C:\Users\user\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 07/02/2014 - 01:30:38 - [] ----D C:\Users\user\AppData\Local\Babylon =>PUP.Babylon
O43 - CFD: 18/04/2014 - 10:00:21 - [] -SH-D C:\Users\user\AppData\Local\EmieSiteList
O43 - CFD: 18/04/2014 - 10:00:21 - [] -SH-D C:\Users\user\AppData\Local\EmieUserList
O43 - CFD: 18/04/2014 - 10:04:44 - [] ----D C:\Users\user\AppData\Local\freeSOFTtoday =>Adware.FreeSoftToday
O43 - CFD: 18/04/2014 - 10:21:37 - [] ----D C:\Users\user\AppData\Local\fst_fr_156 =>PUA.FSTfr9
O43 - CFD: 18/04/2014 - 10:02:27 - [] ----D C:\Users\user\AppData\Local\LPT =>Adware.Incredibar
O43 - CFD: 18/04/2014 - 10:02:25 - [] ----D C:\Users\user\AppData\Local\Smartbar =>Hijacker.SmartBar
~ Program Folder: 123 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CBA88FBBB0D6611476452B8B0BC39149] - 17/04/2014 - 22:43:56 ---A- . (.Firelight Technologies - FMOD Event System.) -- C:\Windows\System32\fmod_event.dll [417792]
O44 - LFC:[MD5.97D058913189B1DF4DA4AD829AB7BF5E] - 17/04/2014 - 22:47:12 ---A- . (.Firelight Technologies - FMOD Ex Sound System.) -- C:\Windows\System32\fmodex.dll [1086976]
O44 - LFC:[MD5.EAA3219A4A7B0B3772A1C2940C2DAD50] - 17/04/2014 - 23:56:39 ---A- . (.Firelight Technologies - FMOD Net Event System.) -- C:\Windows\System32\fmod_event_net.dll [818688]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/04/2014 - 09:17:10 ---A- . (...) -- C:\END [0]
~ Files: 63 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{355d4785-8f84-11e3-a1ba-6c71d9a300e0}\AutoRun\command. (.Microsoft Studios - State of Decay - Breakdown Setup.) -- F:\Setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 03/04/2014 - 19:36:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 03/04/2014 - 19:36:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F1CE49C11A9833A5D2EC32443A142064] - 06/12/2013 - 14:37:50 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35232]
O58 - SDL:[MD5.039E4A64A5B6DE525E8CACFF1207B049] - 27/11/2013 - 02:54:02 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [42016]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 16/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\fst_fr_156\upfst_fr_156.exe [3267536] =>PUA.FSTfr9
O61 - LFC: 17/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 17/04/2014 - 10:43:22 ---A- . (...) -- C:\Users\user\Downloads\fmod_event(1).zip [88336]
O61 - LFC: 17/04/2014 - 10:43:22 ---A- . (...) -- C:\Users\user\Downloads\fmod_event.zip [131378]
O61 - LFC: 17/04/2014 - 10:43:22 ---A- . (...) -- C:\Users\user\Downloads\fmodex.zip [286519]
O61 - LFC: 17/04/2014 - 10:43:22 ---A- . (.Dll-Files.com.) -- C:\Users\user\Downloads\dffsetup-fmod_event.exe [5359680]
O61 - LFC: 17/04/2014 - 10:43:22 ---A- . (.Dll-Files.com.) -- C:\Users\user\Downloads\dffsetup-fmodex.exe [5359680]
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [63197]
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\LPT\UserSettings.xml [13440] =>Adware.Incredibar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\Application\DomainBlackList.xml [345] =>Hijacker.SmartBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\Application\Smartbar.exe.config [16246] =>Hijacker.SmartBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\Application\***@***\install.rdf [1042] =>PUP.HelperBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\Application\sb.host.json [199] =>Hijacker.SmartBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\DistributionFiles\Configs\IconsSettings.xml [56358] =>Hijacker.SmartBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xml [13440] =>Hijacker.SmartBar
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl [58] =>Adware.FreeSoftToday
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\fst_fr_156\fst_fr_156\1.10\cnf.cyl [131] =>PUA.FSTfr9
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\fst_fr_156\fst_fr_156\1.10\eorezo.cyl [69] =>PUA.FSTfr9
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\fst_fr_156\upfst_fr_156.cyp [652] =>PUA.FSTfr9
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (...) -- C:\Users\user\AppData\Local\fst_fr_156\user_profil.cyp [1676] =>PUA.FSTfr9
O61 - LFC: 18/04/2014 - 10:43:21 ---A- . (.FreeSoftToday.) -- C:\Users\user\AppData\Local\fst_fr_156\Download\majfstfr.exe [6619528] =>PUA.FSTfr9
O61 - LFC: 18/04/2014 - 10:43:21 -SHA- . (...) -- C:\Users\user\AppData\Local\EmieSiteList\container.dat [0]
O61 - LFC: 18/04/2014 - 10:43:21 -SHA- . (...) -- C:\Users\user\AppData\Local\EmieUserList\container.dat [0]
O61 - LFC: 18/04/2014 - 10:43:22 ---A- . (...) -- C:\Users\user\Downloads\Java.exe [448920]
O61 - LFC: 18/04/2014 - 10:43:22 R--A- . (...) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}\icon.ico [32038]
~ Files: 62 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [user - 8vd6zyqh.default] user_pref("browser.search.defaultenginename", "Web Search");
O69 - SBI: prefs.js [user - 8vd6zyqh.default] user_pref("browser.search.selectedEngine", "Web Search");
O69 - SBI: prefs.js [user - 8vd6zyqh.default] user_pref("extensions.crossrider.bic", "1440472b31c14edbd9cf01d5b67174e8"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BC8FAF80A6FEE9CA7D51F744A6F0D45E] [WIS][18/04/2014] (.ReSoft Ltd. - Shopping Helper Smartbar.) -- C:\Windows\Installer\4197e1.msi [9502720] =>Hijacker.SmartBar
~ WIS: 30 Legitimates Filtered in 00mn 03s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_7-8-2-build-30489_fr_11039_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_7-8-2-build-30489_fr_11039_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_new_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_new_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Smartbar_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Smartbar_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_RASAPI32 =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_RASMANCS =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SSStub_Somo_SpeedyPC_RASAPI32 =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SSStub_Somo_SpeedyPC_RASMANCS =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager
~ BTK: 143 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Shopping Helper Smartbar) =>Hijacker.SmartBar
~ BCK: 4566 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/11/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 03/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/01/2013 107320 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 03/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/04/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 08/07/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by user at 18/04/2014 10:43:39
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by user at 18/04/2014 10:43:41

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (18/04/2014)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 17
Fichiers trouvés (Files found) : 12

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\SpeedyPC Software] =>PUP.SpeedyPC
[HKLM\Software\Wow6432Node\SpeedyPC Software] =>PUP.SpeedyPC
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ae07101b-46d4-4a98-af68-0333ea26e113} =>Hijacker.SmartBar^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Browser Infrastructure Helper =>Hijacker.SmartBar^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_156 =>PUA.FSTfr9^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upfst_fr_156.exe =>PUA.FSTfr9^
C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^
C:\Program Files (x86)\fst_fr_156 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\user\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\user\AppData\Local\Babylon =>PUP.Babylon^
C:\Users\user\AppData\Local\freeSOFTtoday =>Adware.FreeSoftToday^
C:\Users\user\AppData\Local\fst_fr_156 =>PUA.FSTfr9^
C:\Users\user\AppData\Local\LPT =>Adware.Incredibar^
C:\Users\user\AppData\Local\Smartbar =>Hijacker.SmartBar^
C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit
C:\ProgramData\SpeedyPC Software =>PUP.SpeedyPC
C:\Users\user\AppData\Roaming\SpeedyPC Software =>PUP.SpeedyPC
C:\Users\user\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\user\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
C:\Users\user\AppData\Local\fst_fr_156\upfst_fr_156.exe =>PUA.FSTfr9^
C:\Users\user\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar^
C:\Program Files (x86)\fst_fr_156\fst_fr_156.exe =>PUA.FSTfr9^
C:\Users\user\AppData\Local\Smartbar\Application\Lrcnta.exe =>Hijacker.SmartBar^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\4197e1.msi =>Hijacker.SmartBar^
[HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar^
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Shopping Helper Smartbar) =>Hijacker.SmartBar^
~ Additionnel Scan: 171320 Items scanned in 00mn 11s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi
http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/41695065-pup-anyprotect =>PUP.AnyProtect
http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>AgenceExclusive
http://nicolascoolman.webs.com/apps/blog/show/33340107-adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>PUP.BubbleDock
http://nicolascoolman.webs.com/apps/blog/show/28224126-pup-speedypc =>PUP.SpeedyPC
http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 18 link(s) detected in 00mn 00s



~ 994 Legitimates filtered by white list
End of the scan (588 lines in 00mn 48s)(0)

Thanks in advance.

7 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 637
18 April 2014 at 17:31
Hi,

You have installed adware and unwanted programs on your PC.
Here is the procedure to follow to remove them:


An AdwCleaner cleanup (about 10-15 min):
======================================
Follow this tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner (by Xplode) on your desktop.
Go to the link and download AdwCleaner as indicated.
Launch AdwCleaner, click [Scan].
The scan can take several minutes, be patient.
Once the scan is finished, click [Clean].

Once the cleanup is finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report, and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt

then:



Malwarebytes scan (time: about 40 min of scanning):
==================================================
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, then run a scan.

At the end of the scan, click "Quarantine All" at the bottom left.
Restart the computer if needed.
After restarting, relaunch Malwarebytes.
Get the report from the History tab.
On the left, Scan Logs.
Double-click the scan in the list.
Then, at the bottom, Copy to Clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new message here in reply, give the pjjoint link so that the report can be consulted.


0
Hello malekal_morte, I carried out the instructions you gave me without any apparent problem; the 2 reports are attached. However, on the screen listing the programs installed on my PC, I still don't see all my installations...:

AdwCleaner report:

# AdwCleaner v3.023 - Rapport créé le 18/04/2014 à 17:37:42
# Mis à jour le 01/04/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
# Nom d'utilisateur : user - USER-PC
# Exécuté depuis : C:\Users\user\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\IePluginService
Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\Program Files (x86)\AnyProtectEx
Dossier Supprimé : C:\Program Files (x86)\Nosibay
Dossier Supprimé : C:\Program Files (x86)\SearchProtect
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Program Files (x86)\fst_fr_156
Dossier Supprimé : C:\Windows\SysWOW64\SearchProtect
Dossier Supprimé : C:\users\user\AppData\Local\Babylon
Dossier Supprimé : C:\users\user\AppData\Local\Freesofttoday
Dossier Supprimé : C:\users\user\AppData\Local\LPT
Dossier Supprimé : C:\users\user\AppData\Local\SearchProtect
Dossier Supprimé : C:\users\user\AppData\Local\Smartbar
Dossier Supprimé : C:\users\user\AppData\Local\fst_fr_156
Dossier Supprimé : C:\users\user\AppData\Local\Temp\Smartbar
Dossier Supprimé : C:\users\user\AppData\Roaming\awesomehp
Dossier Supprimé : C:\users\user\AppData\Roaming\Babylon
Dossier Supprimé : C:\users\user\AppData\Roaming\DriverCure
Dossier Supprimé : C:\users\user\AppData\Roaming\Nosibay
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Windows\System32\roboot64.exe

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Valeur Supprimée : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.bho
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\speedupmypc
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_fr_156]
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Valeur Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\SmartBar
Clé Supprimée : HKCU\Software\smartbarbackup
Clé Supprimée : HKCU\Software\smartbarlog
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKLM\Software\supTab
Clé Supprimée : HKLM\Software\supWPM
Clé Supprimée : HKLM\Software\Tutorials
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17041

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (fr)

[ Fichier : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g5j9pnrn.default-1397810734314\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ Fichier : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage
Supprimée : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8404 octets] - [18/04/2014 17:36:51]
AdwCleaner[S0].txt - [6644 octets] - [18/04/2014 17:37:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6704 octets] ##########


Malwarebytes report:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/04/2014
Scan Time: 17:49:04
Logfile: rapport_Malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268760
Time Elapsed: 4 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, Quarantined, [3b93a7840a713303a3aa81fad62cfb05],
PUP.Optional.DPMM.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DP1815, Quarantined, [933bd15a0e6d171ffb8383f2bc466898],

Registry Values: 0
(No malicious items detected)

Registry Data: 7
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[6668a88389f24ee8cc5a69bf9c6818e8]
PUP.Optional.Snapdo, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/... Good: (http://www.google.com), Bad: (http://feed.snapdo.com/...[e5e969c21d5eee48b7e03aedd92b38c8]
PUP.Optional.Snapdo, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/...{searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/...{searchTerms}),Replaced,[76588f9c047725110b8aa384758f3dc3]
PUP.Optional.Snapdo, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/...{searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/...{searchTerms}),Replaced,[6c622cff205bb77f2d6948df877ddf21]
PUP.Optional.Snapdo, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/...{searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/...{searchTerms}),Replaced,[eae43cefa7d4181e0c8c2ff8d62e1ce4]
PUP.Optional.Snapdo, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/...{searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/...{searchTerms}),Replaced,[9d3161ca3f3c191dc8d1bd6a39cbca36]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-566187485-2188778428-363198614-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/...{searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/...{searchTerms}),Replaced,[6b6343e886f5a096ba743be3e81c758b]

Folders: 1
Adware.EoRezo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today, Quarantined, [ca0455d682f99b9b5c9156169969639d],

Files: 10
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\is-UL01I.tmp\SPIdentifier.exe, Quarantined, [25a9f932710aae888d965cabb34eb24e],
Adware.EoRezo, C:\Users\user\AppData\Local\Temp\4d80bef0-854b-42e9-ab84-10813ec97011\software\Freesofttoday.exe, Quarantined, [517d9398dba02e089028e883ea170af6],
Heuristics.Shuriken, C:\Users\user\AppData\Local\Temp\4d80bef0-854b-42e9-ab84-10813ec97011\software\freeven-prox-1-2.exe, Quarantined, [ffffffffffffffffffffffffffffffff],
PUP.Optional.ShoppingHelper.A, C:\Users\user\AppData\Local\Temp\4d80bef0-854b-42e9-ab84-10813ec97011\software\ShoppinHelper2_Setup2.exe, Quarantined, [d0fe0e1d80fb78be7800cd6fcf314ab6],
PUP.Optional.OpenCandy, C:\Users\user\Downloads\daemon-tools-lite_4-48-1-0347_fr_10729.exe, Quarantined, [2aa461cadba056e07a0bf655699ba45c],
PUP.Optional.Babylon.A, C:\Users\user\Downloads\unlocker_1-9-2_fr_20237.exe, Quarantined, [3b9369c283f855e17d34a45cda27e41c],
PUP.Optional.BundleInstaller.A, C:\Users\user\Downloads\Java.exe, Quarantined, [8f3fdc4f7209cf678dbd0f31f40d7b85],
PUP.Optional.SmartBar.A, C:\Windows\Installer\4197e1.msi, Quarantined, [0ac48ba0e89355e1a72cd057659b4bb5],
Adware.EoRezo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today\Freesofttoday.lnk, Quarantined, [ca0455d682f99b9b5c9156169969639d],
PUP.Optional.Bubbledock.A, C:\Users\user\AppData\Roaming\Bubble Dock.boostrap.log, Quarantined, [e3eb62c9a6d593a369724637748ecc34],

Physical Sectors: 0
(No malicious items detected)


(end)
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 637
18 April 2014 at 18:05
OK, here is the next step:



In Firefox: Tools menu / Add-ons
Extensions tab.
Give the list.

In Google Chrome: menu at the top right, then Tools / Extensions
Give the list.

then:

Run an OTL scan - Time: about 40 min
=============================================
OTL diagnoses running programs and detects infections - the program will generate two reports, OTL.txt and Extras.txt
Provide both reports:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* At the top right of Quick Scan, check "all users"
* Click the Scan button.

**** If OTL stops responding during the scan, do not touch anything and let the scan continue ****

* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present).
Give the pjjoint link or links pointing to these reports here in a reply.
I repeat: give the pjjoint report link here in reply.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK IN A NEW MESSAGE


0
- For Firefox, there is only avast online security.

- For Chrome, there is only "documents Google 0.5" but the home page is the famous "snapado".

Link to the OTL report:
http://pjjoint.malekal.com/files.php?id=OTL_20140418_v11m9p7j10i7

Link to the Extra report:
http://pjjoint.malekal.com/files.php?id=OTL_Extras_20140418_p12k9m5d9u13

Thanks malekal_morte
0

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 637
18 April 2014 at 21:21
The reports are fine.

For snapdo, reset/reconfigure Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=
0
OK, many thanks to you.

One last thing: this morning I tried to uninstall these hidden programs (freesofttoday, etc.) and since then, programs have been missing from the list of installed programs (Programs and Features), which is rather annoying for uninstalling. A restore (restore point from 3 days ago)?

And thanks again
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 637
18 April 2014 at 23:21
I don't think there is any solution, unfortunately, to get the list of programs back.
0