Hello, I ran ZHPDiag, ZHPFix and ZHP Cleaner. How can I tell whether the PC is clean? Thanks for your help!

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17207 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 32-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : BPYCD
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Spyware Terminator 2012 v3.0.0.82
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Vuze v5.3.0.0 =>P2P.Azureus

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 55 Stepping 3, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1933 MB (37% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (34%) free of 28 GB

---\\ Mode de connexion au système
~ Computer Name: YAYASEB
~ User Name: sebastien
~ All Users Names: sebastien, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\sebastien\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\sebastien\AppData\Roaming\
~ %Desktop% : C:\Users\sebastien\Desktop\
~ %Favorites% : C:\Users\sebastien\Favorites\
~ %LocalAppData% : C:\Users\sebastien\AppData\Local\
~ %StartMenu% : C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 28 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers
génériques
[MD5.119E091B5386379BC5AA598BE9440C75] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 12:16:50.) -- C:\Windows\Explorer.exe [2088160]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 03:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/02/2014 - 10:21:25.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 04:05:35.) -- C:\Windows\system32\Drivers\AFD.sys [461312]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 06:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 05:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 02:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 09:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.3D06FB84CFFB1D959ACE7690A27A89E1] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 08:22:40.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 05:10:59.)
-- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 12:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.E11D4B798CF0FF9F739CD9BDC552FF08] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/04/2014 - 06:29:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333312]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 05:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.BAFDB3519A9D1A6A0665A70696BA98D5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/03/2014 - 02:09:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1679704]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 05:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 05:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 14:08:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 07:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.F4138DC230FC3DFE9E31201561D0491B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/03/2014 - 11:37:49.)
-- C:\Windows\system32\Drivers\volsnap.sys [264536]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/206
~ Mes musiques (My Musics) : 1/30
~ Mes Videos (My Videos) : 2/8
~ Mes Favoris (My Favorites) : 1/44
~ Mes Documents (My Documents) : 2/24
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/108
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.B653254145EACA973D9093DF7E180091] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [585112] [PID.2080]
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [66624] [PID.3432]
[MD5.B1F15D633A4F8D2A534C876959D98389] - (.ASUSTek Computer INC. - ASUS AC Reminder Service.) -- C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [1314416] [PID.3664]
[MD5.EBCB7B97A720AE9E445CFA7119F5C5B0] - (.ASUSTek Computer INC. - ASUS Patch For Touch Panel.) -- C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [144512] [PID.3672]
[MD5.26C235F7E5D754B275774D6F5ABA72B0] - (.Pas de propriétaire - AsyncSystemSockets.) -- C:\Program Files\HomeTab\WBrowserDirect.exe [34376] [PID.2072] =>PUP.CertifiedToolbar
[MD5.C640F23B2E64585D33ADC99C6591C924] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscr.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [292824] [PID.2772]
[MD5.0F2644DAA234BAF4E20B80196C23364C] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [205624] [PID.1296]
[MD5.9999F683118B467BAB96E50BAE2B1A8B] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328] [PID.1036]
[MD5.FA49E150E6B71E91DFC6330D61E0220E] - (.Microsoft Corporation - OneDrive Sync Engine.)
-- C:\Windows\System32\skydrive.exe [877056] [PID.3264]
[MD5.0DE2BE4BF8BA9B31B7147086694E2EE1] - (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe [198968] [PID.4144]
[MD5.23704A20ABFCBF08E4DD94978C618373] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [19256] [PID.4256]
[MD5.75E504C816F04640ED065B43A1908996] - (.AsusTek - ASUS Smart Gesture Center.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe [276280] [PID.4272]
[MD5.8998A4837A47F16F27000C0A61EFC90D] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29920] [PID.4340]
[MD5.1A1BB3669A9A3268D34FDD439351CDDE] - (.AsusTek - ASUS Smart Gesture Helper.) -- C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe [170296] [PID.4492]
[MD5.A9EBEFD3FC125D31EB33A8BB1AB17BE8] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [812208] [PID.4580]
[MD5.154043DD95B7970A0A3BE111D1D41D3F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [308696] [PID.5204]
[MD5.0295AFE1985EA8495E4A1DBFB6388FB7] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [394200] [PID.5308]
[MD5.C74B3ED011FD7F27BBC386041959614B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [318936] [PID.5364]
[MD5.AB14BC0BF8FE9E58E9525BE4BF37A745] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [315352] [PID.5492]
[MD5.F9D8F969951F3903AF113C0AC34B8AB2] - (.Intel Corporation - Intel DPTF LPM Service Helper.) -- C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [73216] [PID.5560]
[MD5.57F9306C2109EAD742BA152827B9E3DE] - (.Realtek Semiconductor - Gestionnaire audio Realtek.) -- C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064] [PID.5616]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc.
- iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.5684]
[MD5.D9DEADDC75DAC6B324E0525C63D6A85E] - (...) -- C:\Program Files\fst_fr_121\fst_fr_121.exe [3982288] [PID.5708] =>Adware.FreeSoftToday
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5928]
[MD5.3144DA7F8CC09DACED3366A1F0CA5FB6] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2774936] [PID.3908]
[MD5.8659562E466C698A218CBE66C8AB264E] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3681688] [PID.4116]
[MD5.232C540A6867297218F3492C5B8797D6] - (.Microsoft Corporation - Windows Reader.) -- C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x86__8wekyb3d8bbwe\glcnd.exe [8236032] [PID.1588]
[MD5.BE163A49AF17E292B8D27AB52437FDC7] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [3202872] [PID.5672]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.2736]
[MD5.AFFE53934D6D0216B5755FA2DB683BA8] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [877536] [PID.5480]
[MD5.DB0FE6E51909BEB42004242EB08FEF47] - (.Microsoft Corporation - Host Process for Setting Synchronization.) -- C:\Windows\System32\SettingSyncHost.exe [517120] [PID.7376]
[MD5.5457E108FA0265380666C0A55E76589B] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x86__8wekyb3d8bbwe\LiveComm.exe [138240] [PID.7764]
[MD5.564AFA3569D05842C65C16C07BDAF822] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les ser.)
-- C:\Windows\system32\WLANExt.exe [78336] [PID.1528]
[MD5.28C27484043BDE86B91D1428673B7D2A] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416] [PID.1536]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1580]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1608]
[MD5.F15B96D82B8F112FCBA101F178866806] - (.ASUSTek Computer Inc. - AsHidSrv Service.) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224] [PID.1984]
[MD5.44A17208F438F915FCB490DE8FF052AD] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) -- C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680] [PID.2012]
[MD5.24C493C72530413C32CE9AF26096F66F] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) -- C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1617072] [PID.828]
[MD5.D25495A9B90AE621AC67863A4C03FCC8] - (.Intel Corporation - Intel DPTF Processor Service.) -- C:\Windows\system32\DptfParticipantProcessorService.exe [75264] [PID.1380]
[MD5.B6412CCB17B27C9491A676D588E9E34E] - (.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\Windows\system32\dashost.exe [64000] [PID.1680]
[MD5.D6AAD99C2D47FDA3CE9933D3056CD406] - (.Intel Corporation - Intel DPTF Critical Service.) -- C:\Windows\system32\DptfPolicyCriticalService.exe [89088] [PID.1668]
[MD5.1A623562049B9B89AB6C8E8B3944E3A9] - (.Intel Corporation - Intel DPTF LPM Service.) -- C:\Windows\system32\DptfPolicyLpmService.exe [82432] [PID.1956]
[MD5.72CA1CBD58509FB68330D7C245B7F1CC] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752] [PID.1204]
[MD5.26A330EB3B7CBEA21A5B47CB952D9234] - (.GenTechnologies Apps, LLC - MovieMode Service.)
-- C:\ProgramData\RWLHhxKaAxm\kKdtnwjTR.exe [2319728] [PID.2208] =>PUP.MovieMode
[MD5.93633BF732F57408D8732322E6F1083A] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe [303928] [PID.3392]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.3972]
[MD5.463790AEF94D8EAB674631257F53252E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.5748]
[MD5.97E604B01B589199FB97E35A9A87B582] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216] [PID.5288]
~ Processes Running: Scanned in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini:
Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0048922 - {11111111-1111-1111-1111-110411891122} Clé orpheline =>PUP.CrossRider
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Clé orpheline
O2 - BHO: trolatunt - {59bc35cc-f3cb-4e2b-a21d-481d781207af} Clé orpheline =>PUP.Trolatunt
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O2 - BHO: HelloWorldBHO - {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} . (.FlowSurf Inc. - FlowSurf toolbar.) -- C:\Program Files\Flowsurf\FlowSurf.dll =>PUP.FlowSurf
~ BHO: 48 Legitimates Filtered in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Vuze.lnk . (.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\Program [Public]: Vuze.lnk . (.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\QuickLaunch [sebastien]: Vuze.lnk . (.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
~ Global Startup: 3 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] . (.Intel Corporation - Intel DPTF LPM Service Helper.)
-- C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [RtkNGUI] . (.Realtek Semiconductor - Gestionnaire audio Realtek.) -- C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [fst_fr_121] . (...) -- C:\Program Files\fst_fr_121\fst_fr_121.exe =>Adware.FreeSoftToday
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [LiveSupport] C:\Program Files\LiveSupport\LiveSupport.exe (.not file.) =>PUP.LiveSupport
O4 - HKCU\..\Run: [WindApp] . (.Nosibay - WindApp installer.) -- C:\Users\sebastien\AppData\Roaming\Store\WindApp\WindApp Update.exe
O4 - HKUS\S-1-5-21-4235602390-3450967959-3003525134-1001\..\Run: [LiveSupport] C:\Program Files\LiveSupport\LiveSupport.exe (.not file.) =>PUP.LiveSupport
O4 - HKUS\S-1-5-21-4235602390-3450967959-3003525134-1001\..\Run: [WindApp] . (.Nosibay - WindApp installer.) -- C:\Users\sebastien\AppData\Roaming\Store\WindApp\WindApp Update.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: FlowSurf - {6CA2A4DE-483E-456B-8634-6445460D7097} -- c:\I+D\Development\Ideas\Contextual Browsing\Workspaces\IEExtensionv4\Icon\browseye.ico (.not file.)
=>PUP.FlowSurf
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5064B233-D9D7-4B20-A711-723E1C3C0E4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00E32EF-EBBC-4780-95B4-A31A7BDDF1A2}: DhcpNameServer = 13.6.0.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{B00E32EF-EBBC-4780-95B4-A31A7BDDF1A2}: DhcpDomain = WDS03.COM
O17 - HKLM\System\CS1\Services\Tcpip\..\{5064B233-D9D7-4B20-A711-723E1C3C0E4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B00E32EF-EBBC-4780-95B4-A31A7BDDF1A2}: DhcpNameServer = 13.6.0.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{B00E32EF-EBBC-4780-95B4-A31A7BDDF1A2}: DhcpDomain = WDS03.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\suptab\search~1.dll (.not file.)
=>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: kKdtnwjTR (kKdtnwjTR) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\RWLHhxKaAxm\kKdtnwjTR.exe =>PUP.MovieMode
O23 - Service: Update melondrea (Update melondrea) . (...) - C:\Program Files\melondrea\updatemelondrea.exe (.not file.) =>PUP.Melondrea
~ Services: 14 Legitimates Filtered in 00mn 19s

---\\ Tâches planifiées en automatique (O39)
[MD5.DF2332BD0B59A91B9490867411603E9F] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\SmartSaver+ 3-codedownloader.exe [558952] =>PUP.CrossRider
[MD5.7E11F472CC72989E3E0479CD860B488E] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11.exe [1937768] =>PUP.CrossRider
[MD5.B7BC37E10E715418E96B41D8578E26C7] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2.exe [388456] =>PUP.CrossRider
[MD5.7E11F472CC72989E3E0479CD860B488E] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3.exe [1937768] =>PUP.CrossRider
[MD5.3126AA4D7BB9EE656BC57F2F0612AFE5] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4.exe [871272] =>PUP.CrossRider
[MD5.8F7505C949C55096079AC959B5233705] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5] (.smart-saverplus.) -- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5.exe [492392] =>PUP.CrossRider
[MD5.8F7505C949C55096079AC959B5233705] [APT] [0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user] (.smart-saverplus.)
-- C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5.exe [492392] =>PUP.CrossRider
[MD5.6784919E1B1C7A5A01DE2F31847B7280] [APT] [fsupdate] (...) -- C:\Program Files\Flowsurf\fsupd.exe [57295] =>PUP.FlowSurf
[MD5.956E90BB7C7D1DE6802E0C20E6DCB811] [APT] [WindApp Update] (.Nosibay.) -- C:\Users\sebastien\AppData\Roaming\Store\WindApp\WindApp Update.exe [160552]
[MD5.00000000000000000000000000000000] [APT] [wp_update] (...) -- C:\Users\sebastien\AppData\Roaming\~nmniakt.exe (.not file.) [0] =>PUP.WpManager
[MD5.26C235F7E5D754B275774D6F5ABA72B0] [APT] [SystemSockets] (...) -- C:\Program Files\HomeTab\WBrowserDirect.exe [34376] =>PUP.CertifiedToolbar
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1.job [1556] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1 - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1 [1556] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11.job [3810] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11 - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11 [3810] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2.job [1372] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2 - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2 [1372] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3.job [3128] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3 - (.smart-saverplus.)
-- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3 [3128] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4.job [2364] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4 - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4 [2364] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5 - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5.job [1454] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5 - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5 [1454] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user - (.smart-saverplus.) -- C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user.job [1470] =>PUP.CrossRider
O39 - APT: 0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user - (.smart-saverplus.) -- C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user [1470] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [970]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [970]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [974]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [974]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]
~ Scheduled Task: 184 Legitimates Filtered in 00mn 08s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
O41 - Driver: ({0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw) . (.StdLib - StdLib.)
- C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys =>PUP.LinkiDoo
~ Drivers: 44 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Browser Extensions - (.Spigot, Inc..) [HKCU] -- {3A787631-66A2-4634-B928-A37E73B58FB6} =>PUP.Dealio
O42 - Logiciel: HomeTab 6.7 - (.SimplyTech LTD.) [HKLM] -- {e81f26c8-ad20-4b25-b45e-72eb1d53c655}_is1 =>PUP.CertifiedToolbar
O42 - Logiciel: Movie Mode - (.GenTechnologies Apps, LLC.) [HKLM] -- MovieMode =>PUP.MovieMode
O42 - Logiciel: Supporter 1.80 - (.SaveClicker.) [HKLM] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4} =>PUP.SaveClicker
O42 - Logiciel: WindApp (remove only) - (.Store.) [HKCU] -- WindApp
O42 - Logiciel: fst_fr_121 - (.free_soft_to_day.) [HKLM] -- fst_fr_121_is1 =>Adware.FreeSoftToday
~ Logic: 18 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Conduit_Search_Protect]
[HKCU\Software\Deeal] =>PUP.DeealFr
[HKCU\Software\Flowsurf] =>PUP.FlowSurf
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\SaveSense] =>PUP.SaveSense
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Store]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\trolatunt] =>PUP.Trolatunt
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\IePlugin]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\SmartSaver+ 3] =>PUP.CrossRider
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\free_soft_to_day] =>Adware.FreeSoftToday
[HKLM\Software\supTab]
=>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\trolatunt] =>PUP.Trolatunt
~ Key Software: 173 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2014 - 12:07:24 - [] ----D C:\Program Files\Conduit
O43 - CFD: 04/07/2014 - 23:50:18 - [] ----D C:\Program Files\Flowsurf =>PUP.FlowSurf
O43 - CFD: 07/03/2014 - 12:13:57 - [] ----D C:\Program Files\fst_fr_121 =>Adware.FreeSoftToday
O43 - CFD: 05/08/2014 - 17:17:07 - [] ----D C:\Program Files\HomeTab =>PUP.CertifiedToolbar
O43 - CFD: 07/03/2014 - 12:22:44 - [0] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 09/03/2014 - 10:45:43 - [0] ----D C:\Program Files\melondrea =>PUP.Melondrea
O43 - CFD: 23/03/2014 - 10:16:09 - [0] ----D C:\Program Files\SaveClicker =>PUP.SaveClicker
O43 - CFD: 05/08/2014 - 11:14:26 - [] ----D C:\Program Files\SmartSaver+ 3 =>PUP.CrossRider
O43 - CFD: 07/06/2014 - 19:16:53 - [0] ----D C:\Program Files\Supporter =>PUP.SaveClicker
O43 - CFD: 21/04/2014 - 10:03:28 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 07/03/2014 - 12:07:21 - [] ----D C:\ProgramData\Conduit
O43 - CFD: 07/06/2014 - 19:20:03 - [] ----D C:\ProgramData\IePluginService =>PUP.IePluginService
O43 - CFD: 05/08/2014 - 11:06:11 - [] ----D C:\ProgramData\MovieMode =>PUP.MovieMode
O43 - CFD: 05/08/2014 - 11:08:42 - [] ----D C:\ProgramData\RWLHhxKaAxm
O43 - CFD: 23/03/2014 - 10:19:21 - [0] ----D C:\ProgramData\SaveClicker =>PUP.SaveClicker
O43 - CFD: 09/03/2014 - 12:00:24 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 23/03/2014 - 10:16:37 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 24/07/2014 - 12:25:39 - [] ----D C:\Users\sebastien\AppData\Roaming\Browser Extensions
O43 - CFD: 21/03/2014 - 17:09:55 - [] ----D C:\Users\sebastien\AppData\Roaming\qone8 =>Hijacker.Qone8
O43 - CFD: 09/03/2014 - 12:00:21 - [] ----D C:\Users\sebastien\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 05/08/2014 - 11:05:52 - []
----D C:\Users\sebastien\AppData\Roaming\Store
O43 - CFD: 21/03/2014 - 14:47:59 - [] ----D C:\Users\sebastien\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 08/08/2014 - 19:19:06 - [] ----D C:\Users\sebastien\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 07/03/2014 - 12:45:50 - [0] ----D C:\Users\sebastien\AppData\Local\Conduit
O43 - CFD: 07/06/2014 - 19:21:51 - [] ----D C:\Users\sebastien\AppData\Local\fst_fr_121 =>Adware.FreeSoftToday
O43 - CFD: 05/08/2014 - 11:31:15 - [] ----D C:\Users\sebastien\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 07/06/2014 - 19:23:16 - [] ----D C:\Users\sebastien\AppData\Local\SaveSense =>PUP.SaveSense
O43 - CFD: 09/03/2014 - 12:00:24 - [] ----D C:\Users\sebastien\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 09/03/2014 - 12:00:10 - [] ----D C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense
~ Program Folder: 141 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A87F33DB239683F4E658AEAB3A2AF177] - 04/08/2014 - 11:37:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [52920] =>PUP.LinkiDoo
O44 - LFC:[MD5.E30F1E40E0697F56EF89F95CA9ACB286] - 05/08/2014 - 10:13:16 ---A- . (.Pas de propriétaire - Toolbar_Exe_Launcher_Form.) -- C:\Windows\Launcher.exe [34376]
O44 - LFC:[MD5.D01279C0E768EC619FFB3D8DD1E7B5F3] - 05/08/2014 - 10:15:41 ---A- . (...) -- C:\Windows\System32\${LOGFILE} [3254]
O44 - LFC:[MD5.884DE4DC5EF9F185AAD86A6309AA74A3] - 10/08/2014 - 19:17:14 ---A- . (...)
-- C:\Windows\win.ini [194]~ Files: 13 Legitimates Filtered in 00mn 06s---\\ Derniers fichiers créés dans Windows Prefetcher (O45)O45 - LFCP:[MD5.98A558FA452F97A12E26BD40ECB279C4] - 03/08/2014 - 17:10:41 ---A- - C:\Windows\Prefetch\AZUREUS.EXE-B2EC3F05.pf =>P2P.AzureusO45 - LFCP:[MD5.4FB027B6084A38ABDBA3DEF1566808EF] - 05/08/2014 - 10:05:59 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-3EAD0A34.pf =>PUP.BubbleDockO45 - LFCP:[MD5.5274907E987AE56FA444507357803C8A] - 11/08/2014 - 10:08:53 ---A- - C:\Windows\Prefetch\FST_FR_121.EXE-12F8002E.pf =>Adware.FreeSoftTodayO45 - LFCP:[MD5.3856DFA21C8BB2CC86BC2D9A11FB904D] - 05/08/2014 - 10:13:13 ---A- - C:\Windows\Prefetch\HOMETAB.TMP-DF71FA67.pf =>PUP.CertifiedToolbarO45 - LFCP:[MD5.96C20C331187AB59E7523C31A25670A6] - 07/03/2014 - 11:13:24 ---A- - C:\Windows\Prefetch\IMINENT_1712-B2FCAD5E.EXE-4CD81EDC.pf =>Adware.IMBoosterO45 - LFCP:[MD5.110843B13C2C4272E1E3274CA0D6B936] - 05/08/2014 - 09:23:56 ---A- - C:\Windows\Prefetch\SEARCHPROTECTION.EXE-B8F67CF7.pf =>PUP.SearchProtectO45 - LFCP:[MD5.92F1DAAE9C5927195F9B73529C6592E1] - 10/08/2014 - 19:14:46 ---A- - C:\Windows\Prefetch\SMARTSAVER+ 3-BG.EXE-3548A12A.pf =>PUP.CrossRiderO45 - LFCP:[MD5.DF21D0F3C2F2FBF0B2EA7788B90D8EA1] - 10/08/2014 - 22:14:00 ---A- - C:\Windows\Prefetch\SMARTSAVER+ 3-CODEDOWNLOADER.-2F12538F.pf =>PUP.CrossRiderO45 - LFCP:[MD5.FE6A58AD266A624E3B91DB519122944E] - 21/03/2014 - 13:34:16 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_SONGR-E91137CE.pf =>Toolbar.ConduitO45 - LFCP:[MD5.515FA3D91E4537C9E948BCC6A27DF896] - 10/08/2014 - 19:17:14 ---A- - C:\Windows\Prefetch\TROLATUNT.PURBROWSE.EXE-3C3252FE.pf =>PUP.TrolatuntO45 - LFCP:[MD5.15448F2752836BA361A011BF39796634] - 21/03/2014 - 13:42:51 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-2670EE50.pf =>PUP.BubbleDockO45 - LFCP:[MD5.AB279887F14D39F3C25064B197029D7E] - 05/08/2014 - 10:12:45 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-AB6FE9FF.pf =>PUP.BubbleDockO45 - 
LFCP:[MD5.2D8C6573765E7ABAAC2DC1452AA8D5BF] - 05/08/2014 - 10:12:35 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-ADE18E66.pf =>PUP.BubbleDockO45 - LFCP:[MD5.DBF78EEE3A6E53C9EF48A67A5647D701] - 10/08/2014 - 18:21:14 ---A- - C:\Windows\Prefetch\UPDATETROLATUNT.EXE-5B863921.pf =>PUP.TrolatuntO45 - LFCP:[MD5.33FAEF632AE8012D5476F25F641D7437] - 10/08/2014 - 18:17:10 ---A- - C:\Windows\Prefetch\UTILTROLATUNT.EXE-AD20C749.pf =>PUP.TrolatuntO45 - LFCP:[MD5.CB2608197829D3843C09043E6AD0999E] - 24/07/2014 - 11:20:23 ---A- - C:\Windows\Prefetch\VUZEBITTORRENTCLIENTINSTALLER-882EDAC1.pf =>P2P.BitTorrentO45 - LFCP:[MD5.6FE83A214B136F5C0DC7640DA3BD496B] - 24/07/2014 - 11:21:15 ---A- - C:\Windows\Prefetch\VUZEINSTALLER.EXE-EC01B491.pf =>P2P.Azureus~ Prefetcher: 17 Legitimates Filtered in 00mn 00s---\\ Déni du service (Local Security Authority) (O48)~ LSA: 3 Legitimates Filtered in 00mn 00s---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0~ MWPS: 17 Legitimates Filtered in 00mn 00s---\\ Liste des pilotes du système (SDL) (O58)O58 - SDL:05/07/2014 - 20:38:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL SoftwareO58 - SDL:05/07/2014 - 20:38:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL SoftwareO58 - SDL:05/07/2014 - 20:38:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL SoftwareO58 - SDL:03/10/2013 - 03:38:22 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]O58 - SDL:06/09/2013 - 13:25:18 ---A- . (.Capella Microsystems, Inc. - Capella Micro Sensor Filter Driver.) -- C:\Windows\System32\Drivers\CPLMACPI.sys [16488]O58 - SDL:21/06/2011 - 10:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]O58 - SDL:22/01/2014 - 08:52:12 ---A- . 
(.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]O58 - SDL:22/08/2013 - 06:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]O58 - SDL:04/08/2014 - 11:37:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw.sys [52920] =>PUP.LinkiDoo~ Drivers: 72 Legitimates Filtered in 00mn 03s---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)O61 - LFC: 05/08/2014 - 14:14:20 ---A- . (...) -- C:\Users\sebastien\AppData\LocalLow\HomeTab\stbcfg.bin [1148] =>PUP.CertifiedToolbarO61 - LFC: 06/08/2014 - 14:14:18 ---A- . (...) -- C:\Users\sebastien\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin [257704]O61 - LFC: 07/08/2014 - 14:14:18 ---A- . (...) -- C:\Users\sebastien\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [411415]O61 - LFC: 11/08/2014 - 14:14:18 ---A- . (...) -- C:\Users\sebastien\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AMV2I0Z0\ams1.ib.adnxs[1].com [8]O61 - LFC: 11/08/2014 - 14:14:18 ---A- . (...) -- C:\Users\sebastien\AppData\Local\Microsoft\Windows\INetCache\Low\IE\OAA9LLLR\ZHPDiag2[1].exe [0] =>.Nicolas Coolman~ 8360 Fichiers temporaires (Temporary files)~ 4 Fichiers cookies (Cookies files)~ Files: 35 Legitimates Filtered in 00mn 02s---\\ Liste des outils de désinfection (LATC) (O63)O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman~ ADS: Scanned in 00mn 00s---\\ Menu de démarrage Internet (SMI) (O68)O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe~ Keys: Scanned in 00mn 00s---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar~ Keys: Scanned in 00mn 00s---\\ Recherche particulière à la racine du système (SPRF) (O84)[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]~ Files: 1 Legitimates Filtered in 00mn 00s---\\ Liste des exceptions du parefeu (FirewallRules) (O87)O87 - FAEL: "{B94B79BB-C652-4524-A376-84C993C18299}" | In - Private - P6 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.AzureusO87 - FAEL: "{3783DB06-28F5-4260-8E55-F93BAE25F83F}" | In - Private - P17 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.AzureusO87 - FAEL: "{E183C152-BED9-4CE8-9D55-BF3BA4172669}" | In - Public - P6 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.AzureusO87 - FAEL: "{B2667029-F26E-4EF0-9664-5DFE59A64298}" | In - Public - P17 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) 
-- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus~ Firewall: 4 Legitimates Filtered in 00mn 04s---\\ Enumère les données de la clé NameSpace (MNS) (O92)O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}~ MNS: 6 Legitimates Filtered in 00mn 00s---\\ Recherche de clés de registre Tracing (O100)HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtectorHKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtectorHKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32 =>PUP.CertifiedToolbarHKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS =>PUP.CertifiedToolbarHKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\melondrea_RASMANCS =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\trolatunt_RASAPI32 =>PUP.TrolatuntHKLM\SOFTWARE\Microsoft\Tracing\trolatunt_RASMANCS =>PUP.TrolatuntHKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\updatetrolatunt_RASAPI32 =>PUP.TrolatuntHKLM\SOFTWARE\Microsoft\Tracing\updatetrolatunt_RASMANCS =>PUP.TrolatuntHKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.MelondreaHKLM\SOFTWARE\Microsoft\Tracing\utiltrolatunt_RASAPI32 =>PUP.TrolatuntHKLM\SOFTWARE\Microsoft\Tracing\utiltrolatunt_RASMANCS =>PUP.Trolatunt~ BTK: 44 Legitimates Filtered in 00mn 00s---\\ Recherche de clés de registre CLSID (O101)[HKCR\CLSID\{22222222-2222-2222-2222-220422892222}] (CrossriderApp0048922.Sandbox) =>PUP.CrossRider[HKCR\CLSID\{62BDF561-544F-0937-7D21-C450F5344E86}] (SaveClicker) 
=>PUP.SaveClicker[HKCR\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}] (FlowSurf) =>PUP.FlowSurf~ BCK: 5438 Legitimates Filtered in 00mn 19s---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)SS - | Auto 13/02/2014 1677016 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exeSS - | Demand 13/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exeSS - | Disabled 05/08/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exeSS - | Disabled 05/08/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exeSS - | Auto 02/07/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exeSS - | Demand 02/07/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exeSS - | Demand 01/07/2013 637912 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exeSS - | Auto 10/07/1658 0 | (Update melondrea) . (...) - C:\Program Files\melondrea\updatemelondrea.exe =>PUP.MelondreaSS - | Demand 22/08/2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exeSR - | Auto 09/09/2013 103224 | (AsHidService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exeSR - | Auto 09/09/2013 111416 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exeSR - | Auto 16/08/2013 71680 | (Asus WebStorage Windows Service) . (.ASUS Cloud Corporation.) - C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exeSR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exeSR - | Auto 05/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) 
- C:\Program Files\AVAST Software\Avast\AvastSvc.exeSR - | Auto 02/11/2013 75264 | (DptfParticipantProcessorService) . (.Intel Corporation.) - C:\Windows\System32\DptfParticipantProcessorService.exeSR - | Auto 02/11/2013 89088 | (DptfPolicyCriticalService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyCriticalService.exeSR - | Auto 02/11/2013 82432 | (DptfPolicyLpmService) . (.Intel Corporation.) - C:\Windows\System32\DptfPolicyLpmService.exeSR - | Auto 01/07/2013 586752 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exeSR - | Demand 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exeSR - | Auto 25/08/2013 168216 | (jhi_service) . (.Intel Corporation.) - C:\Program Files\Intel\TXE Components\DAL\jhi_service.exeSR - | Auto 05/08/2014 2319728 | (kKdtnwjTR) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\RWLHhxKaAxm\kKdtnwjTR.exeSR - | Auto 13/05/2014 585112 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exeSR - | Demand 24/03/2014 22224 | (WinDefend) . (.Microsoft Corporation.) 
- C:\Program Files\Windows Defender\MsMpEng.exe~ Services: Scanned in 00mn 20s---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netRun by sebastien at 11/08/2014 14:15:07device: opened successfullyuser: error reading MBR Disk trace:error: Read Descripteur non validekernel: error reading MBR ~ MBR: 28 Legitimates Filtered in 00mn 02s---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)Written by ad13, http://ad13.geekstogRun by sebastien at 11/08/2014 14:15:09********* Dump file Name *********C:\PhysicalDisk0_MBR.bin~ MBR: Scanned in 00mn 04s---\\ Scan Additionnel (O88)Database Version : 13026 - (09/08/2014)Clés trouvées (Keys found) : 58Valeurs trouvées (Values found) : 5Dossiers trouvés (Folders found) : 34Fichiers trouvés (Files found) : 49[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411891122}] =>PUP.CrossRider^[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59BC35CC-F3CB-4E2B-A21D-481D781207AF}] =>PUP.Trolatunt^[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}] =>PUP.FlowSurf^[HKLM\SYSTEM\CurrentControlSet\Services\kKdtnwjTR] =>PUP.MovieMode^[HKLM\SYSTEM\CurrentControlSet\Services\Update melondrea] =>PUP.Melondrea^[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}] =>PUP.Dealio^[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e81f26c8-ad20-4b25-b45e-72eb1d53c655}_is1] =>PUP.CertifiedToolbar^[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode] =>PUP.MovieMode^[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}] =>PUP.SaveClicker^[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_121_is1] =>Adware.FreeSoftToday^[HKLM\Software\Microsoft\Internet 
Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster[HKCU\Software\Boxore] =>Adware.Boxore[HKLM\Software\Boxore] =>Adware.Boxore[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit[HKLM\Software\Iminent] =>Adware.IMBooster[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong[HKCU\Software\Softonic] =>Toolbar.Conduit[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive[HKCU\Software\InstallCore] =>Adware.InstallCore[HKLM\Software\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}] =>Adware.PredictAd[HKLM\Software\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}] =>Adware.PredictAd[HKLM\Software\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}] =>Adware.PredictAd[HKLM\Software\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}] =>Adware.PredictAd[HKLM\Software\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}] =>Adware.PredictAd[HKLM\Software\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}] =>Adware.PredictAd[HKLM\Software\Classes\wtb.Band] =>Adware.PredictAd[HKLM\Software\Classes\wtb.Band.1] =>Adware.PredictAd[HKLM\Software\Classes\wtb.NotificationSource] =>Adware.PredictAd[HKLM\Software\Classes\wtb.NotificationSource.1] =>Adware.PredictAd[HKLM\Software\Classes\wtb.SourceSinkImpl] =>Adware.PredictAd[HKLM\Software\Classes\wtb.SourceSinkImpl.1] 
=>Adware.PredictAd[HKLM\Software\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}] =>Adware.PredictAd[HKLM\Software\Classes\wtb.ToolbarInfo] =>Adware.PredictAd[HKLM\Software\Classes\wtb.ToolbarInfo.1] =>Adware.PredictAd[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro[HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox[HKLM\Software\Classes\CrossriderApp0048922.BHO] =>PUP.CrossRider[HKLM\Software\Classes\CrossriderApp0048922.BHO.1] =>PUP.CrossRider[HKLM\Software\Classes\CrossriderApp0048922.Sandbox] =>PUP.CrossRider[HKLM\Software\Classes\CrossriderApp0048922.Sandbox.1] =>PUP.CrossRider[HKLM\Software\Classes\Iminent] =>Adware.IMBooster[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch[HKLM\Software\Classes\Toolbar.CT2504091] =>Toolbar.Conduit[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422892222}] =>PUP.CrossRider[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_121 =>Adware.FreeSoftToday^[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:LiveSupport =>PUP.LiveSupport^C:\Program Files\Flowsurf =>PUP.FlowSurf^C:\Program Files\fst_fr_121 =>Adware.FreeSoftToday^C:\Program Files\HomeTab =>PUP.CertifiedToolbar^C:\Program Files\IminentToolbar =>Adware.IMBooster^C:\Program Files\melondrea =>PUP.Melondrea^C:\Program Files\SaveClicker =>PUP.SaveClicker^C:\Program Files\SmartSaver+ 3 
=>PUP.CrossRider^C:\Program Files\Supporter =>PUP.SaveClicker^C:\Program Files\SupTab =>PUP.SupTab^C:\ProgramData\IePluginService =>PUP.IePluginService^C:\ProgramData\MovieMode =>PUP.MovieMode^C:\ProgramData\SaveClicker =>PUP.SaveClicker^C:\ProgramData\SaveSenseLive =>PUP.SaveSense^C:\ProgramData\WPM =>PUP.WpManager^C:\Users\sebastien\AppData\Roaming\qone8 =>Hijacker.Qone8^C:\Users\sebastien\AppData\Roaming\SaveSense =>PUP.SaveSense^C:\Users\sebastien\AppData\Roaming\SupTab =>PUP.SupTab^C:\Users\sebastien\AppData\Roaming\wp_update =>PUP.WpManager^C:\Users\sebastien\AppData\Local\fst_fr_121 =>Adware.FreeSoftToday^C:\Users\sebastien\AppData\Local\MovieMode =>PUP.MovieMode^C:\Users\sebastien\AppData\Local\SaveSense =>PUP.SaveSense^C:\Users\sebastien\AppData\Local\SaveSenseLive =>PUP.SaveSense^C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense^C:\Program Files\Conduit =>Toolbar.ConduitC:\Program Files\SearchProtect =>Toolbar.ConduitC:\Program Files\Software =>Adware.BoxoreC:\ProgramData\Conduit =>Toolbar.ConduitC:\Users\sebastien\AppData\Local\Conduit =>Toolbar.ConduitC:\Users\sebastien\AppData\Local\SearchProtect =>Toolbar.ConduitC:\Users\sebastien\AppData\Local\Software =>Adware.BoxoreC:\Users\sebastien\AppData\LocalLow\Conduit =>Toolbar.ConduitC:\Users\sebastien\AppData\LocalLow\PriceGong =>Adware.PriceGongC:\Users\sebastien\AppData\LocalLow\HomeTab =>PUP.CertifiedToolbarC:\Users\sebastien\AppData\Local\Temp\Spigot =>PUP.DealioC:\Program Files\HomeTab\WBrowserDirect.exe =>PUP.CertifiedToolbar^C:\Program Files\fst_fr_121\fst_fr_121.exe =>Adware.FreeSoftToday^C:\ProgramData\RWLHhxKaAxm\kKdtnwjTR.exe =>PUP.MovieMode^C:\Program Files\SmartSaver+ 3\SmartSaver+ 3-codedownloader.exe =>PUP.CrossRider^C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11.exe =>PUP.CrossRider^C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2.exe =>PUP.CrossRider^C:\Program Files\SmartSaver+ 
3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3.exe =>PUP.CrossRider^C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4.exe =>PUP.CrossRider^C:\Program Files\SmartSaver+ 3\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5.exe =>PUP.CrossRider^C:\Program Files\Flowsurf\fsupd.exe =>PUP.FlowSurf^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-1 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-11 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-2 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-3 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-4 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5 =>PUP.CrossRider^C:\Windows\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user.job =>PUP.CrossRider^C:\Windows\System32\Tasks\0d5e438e-eb9f-4ae3-b34b-343a750e00ef-5_user =>PUP.CrossRider^[HKCU\Software\Conduit] =>Toolbar.Conduit^[HKCU\Software\Deeal] =>PUP.DeealFr^[HKCU\Software\Flowsurf] =>PUP.FlowSurf^[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^[HKCU\Software\SaveSense] =>PUP.SaveSense^[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^[HKCU\Software\Vittalia] =>PUP.Vittalia^[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^[HKCU\Software\trolatunt] =>PUP.Trolatunt^[HKLM\Software\Conduit] =>Toolbar.Conduit^[HKLM\Software\SmartSaver+ 3] =>PUP.CrossRider^[HKLM\Software\Wpm] =>PUP.WpManager^[HKLM\Software\free_soft_to_day] 
=>Adware.FreeSoftToday^[HKLM\Software\supTab] =>PUP.SupTab^[HKLM\Software\supWPM] =>PUP.WpManager^[HKLM\Software\trolatunt] =>PUP.Trolatunt^[HKCR\CLSID\{22222222-2222-2222-2222-220422892222}] (CrossriderApp0048922.Sandbox) =>PUP.CrossRider^[HKCR\CLSID\{62BDF561-544F-0937-7D21-C450F5344E86}] (SaveClicker) =>PUP.SaveClicker^[HKCR\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}] (FlowSurf) =>PUP.FlowSurf^C:\Users\sebastien\AppData\Local\TempskF766.exe =>Toolbar.ConduitC:\Users\sebastien\AppData\Local\Temp\Umbrella.exe9efbbcd =>Adware.IMBoosterC:\Users\sebastien\AppData\Local\Temp\~sp16C3.tmp =>Adware.IMBooster~ Additionnel Scan: 264448 Items scanned in 00mn 50s---\\ Informations complémentaires sur les modules~ http://nicolascoolman.fr/r5-internet-ex ... ment-iepm/ =>.Internet Explorer, Proxy Management (R5)~ http://nicolascoolman.fr/o2-browser-hel ... avigateur/ =>.Browser Helper Objects de navigateur (O2)~ http://nicolascoolman.fr/o4-application ... -registre/ =>.Applications lancées au démarrage du système (O4)~ AMI: 3 Legitimates Filtered in 00mn 00s---\\ Récapitulatif des détections trouvées sur votre stationhttp://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbarhttp://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftTodayhttp://nicolascoolman.fr/pup-crossrider =>PUP.CrossRiderhttp://nicolascoolman.fr/pup-suptab =>PUP.SupTabhttp://nicolascoolman.fr/pup-melondrea =>PUP.Melondreahttp://nicolascoolman.fr/pup-wpmanager =>PUP.WpManagerhttp://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoohttp://nicolascoolman.fr/pup-dealio =>PUP.Dealiohttp://nicolascoolman.fr/pup-saveclicker =>PUP.SaveClickerhttp://nicolascoolman.fr/adware-boxore =>Adware.Boxorehttp://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduithttp://nicolascoolman.fr/adware-installcore =>Adware.InstallCorehttp://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaverhttp://nicolascoolman.fr/pup-savesense =>PUP.SaveSensehttp://nicolascoolman.fr/spyware-agenceexclusive 
=>PUP.AgenceExclusivehttp://nicolascoolman.fr/pup-vittalia =>PUP.Vittaliahttp://nicolascoolman.fr/adware-imbooster =>Adware.IMBoosterhttp://nicolascoolman.fr/hijacker-qone8 =>Hijacker.Qone8http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDockhttp://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtecthttp://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtectorhttp://nicolascoolman.fr/pup-v9software =>PUP.V9Softwarehttp://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcadehttp://nicolascoolman.fr/adware-pricegong =>Adware.PriceGonghttp://nicolascoolman.fr/adware-predictad =>Adware.PredictAdhttp://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerProhttp://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFoxhttp://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch~ MSI: 28 link(s) detected in 00mn 00s~ 840 Legitimates filtered by white listEnd of the scan (792 lines in 02mn 41s)(0)
- Do not follow several disinfection procedures on different forums, or you risk damaging your operating system.
- Do nothing on your own initiative.
- Bookmark this page so that you can reply and see my answers more easily.
- The tools I ask you to download must be saved to your desktop: help in pictures (thanks to H.A.W.X).
- Post all reports using SOS-Upload. See here => How to host a file on SOSUpload? Note: Click on "How to host a file on SOSUpload?"
- Right-click the "Start" button.
- In the menu, click "Programs and Features" (the first from the top).
- Uninstall the following programs:
  - Boxore
  - Toolbar.Conduit
  - Advanced System Protector
  - Optimizer Pro
- Click Uninstall for each of the programs.
- Disable your antivirus, otherwise the tool will not be able to work properly.
- Download AdsFix to your desktop. Note: Save your work before continuing!
- Launch AdsFix,
- Enter your country,
- Click "Nettoyer" (Clean). Note: Wait while the scan runs.
- Let the tool work even if it seems to be stuck.
- If the tool detects a proxy that you do not recognize, click "Supprimer le proxy" (Remove the proxy).
- Host the report C:\AdsFix_date_heure.txt on SOSUpload, then post the link you get.