coupon drop down

Disinfection help for removing viruses, adware, ransomware and trojans.

Moderators: Mods Windows, Helper

bronx07

coupon drop down

by bronx07 »

Hello,

Thank you for helping noobs like me.
Here are the reports (adw, zhp, mbr):

# AdwCleaner v2.306 - Rapport créé le 11/08/2013 à 07:50:59
# Mis à jour le 19/07/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : raphael - RAPHAEL-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\raphael\Downloads\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\eSafe
Dossier Supprimé : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Dossier Supprimé : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Dossier Supprimé : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Dossier Supprimé : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Dossier Supprimé : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Dossier Supprimé : C:\Users\raphael\AppData\Roaming\eIntaller
Dossier Supprimé : C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\jetpack
Fichier Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Fichier Désinfecté : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Fichier Désinfecté : C:\Users\raphael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Fichier Désinfecté : C:\Users\raphael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
Fichier Désinfecté : C:\Users\raphael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Fichier Désinfecté : C:\Users\raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Fichier Désinfecté : C:\Users\raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Fichier Supprimé : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\Software\eSafeSecControl
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Clé Supprimée : HKLM\Software\qvo6Software
Clé Supprimée : HKLM\Software\Tutorials
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Tarma Installer
Donnée Supprimée : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641
Donnée Supprimée : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [tuto4pc_fr_53]

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16635

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=c ... 1376169641 --> hxxp://www.google.com

-\\ Mozilla Firefox v23.0 (en-US)

Fichier : C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\prefs.js

C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\user.js ... Supprimé !

Supprimée : user_pref("browser.search.defaultenginename", "qvo6");
Supprimée : user_pref("browser.search.order.1", "qvo6");
Supprimée : user_pref("browser.search.selectedEngine", "qvo6");

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [35881 octets] - [09/08/2013 23:21:09]
AdwCleaner[S1].txt - [36243 octets] - [09/08/2013 23:24:24]
AdwCleaner[S2].txt - [366 octets] - [11/08/2013 07:47:03]
AdwCleaner[S3].txt - [6171 octets] - [11/08/2013 07:50:59]

########## EOF - C:\AdwCleaner[S3].txt - [6231 octets] ##########


Rapport de ZHPDiag v2013.8.10.15 par Nicolas Coolman, Update du 10/08/2013
Run by raphael at 11/08/2013 07:44:19
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 23.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ System Information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3958 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 154 GB (54%) free of 285 GB

---\\ Logged in mode
~ Computer Name: RAPHAEL-PC
~ User Name: raphael
~ All Users Names: raphael, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\raphael\AppData\Roaming\
~ %Desktop% : C:\Users\raphael\Desktop\
~ %Favorites% : C:\Users\raphael\Favorites\
~ %LocalAppData% : C:\Users\raphael\AppData\Local\
~ %StartMenu% : C:\Users\raphael\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 154 Go of 285 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/38
~ Mes musiques (My Musics) : 1/28
~ Mes Favoris (My Favorites) : 1/51
~ Mes Documents (My Documents) : 2/283
~ Mon Bureau (My Desktop) : 1/50719
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 01mn 02s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2960]
[MD5.17C5E2A94AA1B42D499A5396D67E0B61] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [PID.3228]
[MD5.AB8420D9EFF346DDD72E9C985BE2FC5B] - (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248] [PID.3828]
[MD5.254E0CCB24D8E48479A8A387C77CA356] - (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072] [PID.2812]
[MD5.2240A1A5973B31F9D050C137BD5794EA] - (.Matsushita Electric Industrial Co., Ltd. - PHOTOfunSTUDIO.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [40960] [PID.3488]
[MD5.14AB31B4F673A3AF348A40B20BB2F587] - (...) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe [70832] [PID.3660]
[MD5.2782D83D9B1071E28E2A4D9C6F5307C6] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608] [PID.2144]
[MD5.B283F9A1DEABD43ACC7481F893CF21E9] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [908368] [PID.3920]
[MD5.9ECF375A6E4E74D056F4B54E76D58721] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3756]
[MD5.1568FF282E268082C67CF0C3EBCC9179] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320] [PID.3212]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3592]
[MD5.5AAA9F136A6DEC2992529F5258AE4F54] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [298064] [PID.3924]
[MD5.A60BCC497F3AED8F9D86FD80B749B34A] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe [2727936] [PID.5248]
[MD5.A6FE3BD4E3FC9C5583C92DF311A9C258] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.6040]
[MD5.254F08C0E70104FDFD72E58437CB4690] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4172]
[MD5.60B241EFB669D286C9BF636A0334B3BA] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe [1855880] [PID.5968]
[MD5.D8DBE084F97536D7FDE2EE9B4574FB23] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7691264] [PID.5340]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1744]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1868]
[MD5.E2B2853A0210D6EDAB2261870BD80C1A] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [312400] [PID.1912]
[MD5.2973B4EB7BE10A0D491B2037DCAAE88F] - (.Garmin Ltd or its subsidiaries - Garmin Core Update Service.) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688] [PID.2028]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.360]
[MD5.DBC1136A62BD4DECC3632DF650284C2E] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1888]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1220]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1164]
[MD5.5B3CE960C62DBE864BE9A0BD043A3E30] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368] [PID.1312]
[MD5.B5071E15D4C3F5EF5018AFF7E85A85E5] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.1452]
[MD5.57DDE1395F86EE048AB25717EEB8CAEB] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4150112] [PID.2124]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2216]
[MD5.6B24D1C3096DE796D15571079EA5E98C] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3272]
[MD5.7466809E6DA561D60C2F1CE8EDE3C73F] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.2356]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [okkbcpjgdooahcefofhjdpacngfecaaa] Lyrics-Fan v.1.126 (Activé) =>Adware.AddLyrics
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\prefs.js
C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\user.js
M3 - MFPP: Plugins - [raphael] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6
M2 - MFEP: prefs.js [raphael - xxrd5wzy.default\[email protected]] [] HolaSearch v1.6.0 (..) =>Hijacker.HolaSearch
P2 - FPN: [HKCU] [mychic.com/VimGlasses] - (.Mychic - VimGlasses.) -- C:\Windows\system32\npVimGlasses.dll (.not file.)
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ToolbarOrange.InitToolbarBHO [64Bits] - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.)
O2 - BHO: (no name) [64Bits] - {887cdc33-0de3-4fd5-a5d3-eccd4b4b396c} Clé orpheline
O2 - BHO: (no name) [64Bits] - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline
O3 - Toolbar: (no name) [64Bits] - [HKLM]{735abc4c-9266-4008-9ef6-bc60be8de31f} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\raphael\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_53] Clé orpheline =>PUP.Eorezo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3380921242-2967815541-1606580346-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-3380921242-2967815541-1606580346-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-3380921242-2967815541-1606580346-1000\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-3380921242-2967815541-1606580346-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 - HKUS\S-1-5-21-3380921242-2967815541-1606580346-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\raphael\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\QuickLaunch: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - GS\QuickLaunch: tooxmessenger.lnk . (...) -- C:\Users\raphael\Desktop\Toox\tooxmessenger\tooxmessenger.exe (.not file.)
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Téléchargements - Raccourci.lnk . (...) -- C:\Users\raphael\Downloads
~ Global Startup: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D705E5A0-537C-474E-854B-951836D5CD94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D705E5A0-537C-474E-854B-951836D5CD94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD032D1D-4C9C-4791-AB69-47E00DE31E9C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D705E5A0-537C-474E-854B-951836D5CD94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [{33A6BDC7-CAA8-48F2-A827-9C6C0E0A4735}] (...) -- C:\Users\raphael\Desktop\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7D742185-37B1-461D-9BC6-98024D70B5ED}] (...) -- C:\Users\raphael\Downloads\okconcours.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{813F9E8B-B562-44E8-AFB9-6D5986E3A2ED}] (...) -- C:\Users\raphael\Desktop\Downloads\PDNInstallTrial500260.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FBE12C12-3397-4F51-AE8E-BC46DC435BA1}] (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe (.not file.) [0] =>Toolbar.Babylon
~ Scheduled Task: 15 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
~ Logic: 132 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Lyrics_Fan] =>Adware.AddLyrics
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Qtrax]
[HKCU\Software\SHFPKAUHGB]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\TUTO_4PC]
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExcusive
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
~ Key Software: 229 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/12/2012 - 01:39:17 - [115,447] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 10/08/2013 - 23:37:42 - [0,001] ----D C:\ProgramData\eSafe
O43 - CFD: 10/08/2013 - 23:19:48 - [0,764] ----D C:\Users\raphael\AppData\Roaming\eIntaller
O43 - CFD: 17/01/2013 - 14:09:55 - [0,108] ----D C:\Users\raphael\AppData\Roaming\Shareaza
O43 - CFD: 25/02/2013 - 22:37:29 - [6,872] ----D C:\Users\raphael\AppData\Local\PokerStars.FR
O43 - CFD: 07/05/2011 - 09:20:52 - [826,602] ----D C:\Users\raphael\AppData\Local\Shareaza
O43 - CFD: 21/10/2012 - 00:44:22 - [0,004] ----D C:\Users\raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TooX messenger
~ Program Folder: 197 Legitimates Filtered in 01mn 01s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{33fcfd7b-5903-11e2-8d38-88ae1d00d2d2}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System driver list (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.0D0E5281784C2C526BA43C2ECD374288] - 18/09/2006 - 08:50:10 ---A- . (.Arcsoft, Inc. - Arcsoft(R) ASPI Shell.) -- C:\Windows\SysWOW64\drivers\afc.sys [22784]
O58 - SDL:[MD5.354585D8E53F2FF9B8AD5E1E2EF68CEF] - 07/03/2005 - 19:44:16 ---A- . (.Matsushita Electric Industrial Co., Ltd. - Phoebe Photo Distribution Manager.) -- C:\Windows\SysWOW64\PhDi2.sys [45056]
~ Drivers: Scanned in 00mn 00s



---\\ Cleaning tools list (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the root of certain folders (O84)
[MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.B12A1BD0D64DDFFD0F437BEF6A75873D] [SPRF][29/11/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\37909-666607-adobe-indesign.exe [2500792]
[MD5.EB8A9ABDFF6422B9B65750AC05CC3C67] [SPRF][20/10/2012] (.Setup © - Setup.) -- C:\Users\raphael\AppData\Local\Temp\75470uninstall.exe [397312]
[MD5.885E9EB42889CA547F4E3515DCDE5D3D] [SPRF][14/05/2006] (...) -- C:\Users\raphael\AppData\Local\Temp\7za.exe [476672]
[MD5.F608E124FDC5E74A433F0B9675E5E9B5] [SPRF][01/07/2013] (.McAfee, Inc. - McAfee Scanner Content Installer.) -- C:\Users\raphael\AppData\Local\Temp\contentDATs.exe [1152168]
[MD5.2CE6EEF84B7F306858C23000F017E2A0] [SPRF][19/03/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\Extract.bat [80]
[MD5.96FADF615E90F369FD4D0799B7453A16] [SPRF][20/04/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r159.) -- C:\Users\raphael\AppData\Local\Temp\FlashPlayerUpdate.exe [2871968]
[MD5.2DA5A2636395C8CD35227C4C8F86B61E] [SPRF][30/09/2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r85.) -- C:\Users\raphael\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe [2788816]
[MD5.0DCB060AEA810DFC8A2DBFC84714F0BE] [SPRF][15/02/2013] (.Nosibay - Bubble Dock installer.) -- C:\Users\raphael\AppData\Local\Temp\Install_BubbleDock.exe [365152] =>Toolbar.BubbleDock
[MD5.1F6696D7A092D1F985202A9C9B1D8FBE] [SPRF][29/11/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\instloffer.exe [69328]
[MD5.676A86173A1FE2698C6F049D74DC6EB2] [SPRF][16/09/2010] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe [875296]
[MD5.34908E446D09432BD17830458D242BD2] [SPRF][24/11/2010] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe [884512]
[MD5.A8D666FCE8EFD0788FA0DF14FB3491B4] [SPRF][10/02/2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe [885536]
[MD5.67DC0277321064080BAD0E9E3BC3CBAB] [SPRF][05/05/2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe [901408]
[MD5.822AD0D91D012B82E26D1F1BFA286AC6] [SPRF][14/11/2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe [909088]
[MD5.EE622B2CD2D3C5CD950D49BD1708A9D4] [SPRF][20/02/2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe [909600]
[MD5.107167F15D30AA71D7CAFC0326AFB315] [SPRF][08/06/2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe [909104]
[MD5.8E51D3D38A26EEAC819974C9295AF35F] [SPRF][29/08/2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe [908272]
[MD5.A85E2E0AF857692F2811073311695A8B] [SPRF][26/10/2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe [912368]
[MD5.C6AA274F69EBDD86F75B7E3E4FA58AF4] [SPRF][31/01/2013] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe [915376]
[MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104]
[MD5.B1957B038895642DF9F662326E7D4DDC] [SPRF][22/06/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\raphael\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe [903080]
[MD5.64AA04695E70BA743150B36C98C61181] [SPRF][12/11/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\MyClaroTB.exe [887960]
[MD5.8B09F643B2225E59CBD0CCF6E220B6DD] [SPRF][01/11/2011] (.Macrovision Corporation - Setup.exe.) -- C:\Users\raphael\AppData\Local\Temp\PDNISInstall.exe [15417600]
[MD5.514B4609AD18D73CC06AF6F00E08E9C8] [SPRF][10/05/2012] (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r52.) -- C:\Users\raphael\AppData\Local\Temp\push.exe [5203150]
[MD5.D3E007FBC92173642415D33A0CD83D18] [SPRF][29/09/2010] (.Google Inc. - GoogleToolbarNotifier.) -- C:\Users\raphael\AppData\Local\Temp\SearchWithGoogleUpdate.exe [426552]
[MD5.08F0A96A9E4C5218E384F51BBB698DF4] [SPRF][01/07/2013] (.McAfee, Inc. - McAfee Security Scan Plus Installer.) -- C:\Users\raphael\AppData\Local\Temp\SecurityScan_Release.exe [3793216]
[MD5.30121ED367FD3BB10B83D764523DCDA9] [SPRF][15/05/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\Setup.exe [816584]
[MD5.73406FA9287B36CA4163797C73A2CD04] [SPRF][16/07/2012] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\raphael\AppData\Local\Temp\tbuTo0.dll [4451144] =>Toolbar.Conduit
[MD5.2D2894581D355D5F44EAE38898A66846] [SPRF][01/01/2012] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\raphael\AppData\Local\Temp\tbuTor.dll [4398888] =>Toolbar.Conduit
[MD5.AE5BD330CCA60544A36A65944A14269F] [SPRF][05/05/2013] (.Garmin Ltd or its subsidiaries - Garmin Express.) -- C:\Users\raphael\AppData\Local\Temp\tmp903D.exe [12871152]
[MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][16/06/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\raphael\AppData\Local\Temp\uninst1.exe [389632] =>Toolbar.Babylon
[MD5.01972DBF0D30352937648788576A18C5] [SPRF][24/05/2013] (.WebToGo Mobiles Internet GmbH - RIM Uninstaller.) -- C:\Users\raphael\AppData\Local\Temp\Uninstaller.exe [437192]
[MD5.5AF4E2BF82DE78CCA0C465960DE345AE] [SPRF][16/01/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\raphael\AppData\Local\Temp\UpdateCheckerSetup.exe [295360] =>Adware.MegaSearch
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][11/06/2013] (...) -- C:\Users\raphael\AppData\Local\Temp\utt2465.tmp.bat [77]
[MD5.E6B7F4AF3195C279C36096997BCC705D] [SPRF][09/05/2013] (...) -- C:\Users\raphael\AppData\Local\Temp\utt29B2.tmp.bat [97]
[MD5.E6B7F4AF3195C279C36096997BCC705D] [SPRF][09/05/2013] (...) -- C:\Users\raphael\AppData\Local\Temp\utt2A10.tmp.bat [97]
[MD5.72614747124808E7973C3D83E1D23F3F] [SPRF][06/04/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\utt85C2.tmp.exe [5175808]
[MD5.F4816968BCC814BD437163CE674B5F11] [SPRF][08/05/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\uttD21D.tmp.bat [73]
[MD5.C4E0BE3BC31C516BFF9FB1C205C8F3D4] [SPRF][13/05/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\uttEEC7.tmp.bat [73]
[MD5.C4E0BE3BC31C516BFF9FB1C205C8F3D4] [SPRF][13/05/2012] (...) -- C:\Users\raphael\AppData\Local\Temp\uttEEF6.tmp.bat [73]
[MD5.B936F0F378B9A35489353E878154E899] [SPRF][26/01/2012] (.Microsoft Corporation - Microsoft Visual C++ 2008 Redistributable Setup.) -- C:\Users\raphael\AppData\Local\Temp\vcredist_x86.exe [1821192]
[MD5.69D2894206516657B7A06EEEA5B917E5] [SPRF][16/01/2013] (...) -- C:\Users\raphael\AppData\Local\Temp\vlc-2.0.2-win32.exe [22630361]
[MD5.E563A65BAEA25CEF8F49FB0228CB8555] [SPRF][16/01/2013] (...) -- C:\Users\raphael\AppData\Local\Temp\vlc-2.0.5-win32.exe [22916830]
[MD5.00708D6A11075589040C4AEEE65A4184] [SPRF][19/05/2012] (.Webplayer Toolbar - Webplayer Toolbar Setup.) -- C:\Users\raphael\AppData\Local\Temp\WebplayerToolbar.exe [1385136] =>Adware.SocialSkinz
[MD5.48A2AFEB63131A434BCC00335E656A0F] [SPRF][04/09/2012] (.Yahoo! Inc. - Yahoo! Toolbar Detecter Setup.) -- C:\Users\raphael\AppData\Local\Temp\ydetect.exe [79024] =>Toolbar.Yahoo
[MD5.FBAB280D0CAC5E21C72F0A1A7B5B9608] [SPRF][22/06/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\raphael\AppData\Local\Temp\_is9830.exe [455600]
[MD5.A205551E7BA8580D2C0FF896A4D79FA9] [SPRF][31/08/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\raphael\AppData\Local\Temp\_is9B46.exe [460248]
[MD5.1108B166160D6023AF76435B074052B6] [SPRF][05/04/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\raphael\AppData\Local\Temp\_isA5A8.exe [455600]
~ Files: Scanned in 00mn 30s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{F00DE50B-D118-4F31-B20A-4AFD4A71BF43}C:\program files (x86)\shareaza\shareaza.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 - FAEL: "UDP Query User{53E992ED-6D54-422F-B4DF-F52853771DB1}C:\program files (x86)\shareaza\shareaza.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 - FAEL: "TCP Query User{28CA5E46-8CE6-4879-AFA4-509C1F223222}C:\program files (x86)\3m\pdnotes\pdnotes.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\3m\pdnotes\pdnotes.exe (.not file.)
O87 - FAEL: "UDP Query User{E3FD0F00-F557-40F0-BDE4-528D2EF56F57}C:\program files (x86)\3m\pdnotes\pdnotes.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\3m\pdnotes\pdnotes.exe (.not file.)
~ Firewall: 233 Legitimates Filtered in 00mn 01s



---\\ Windows Installer Scan (O93) (NTFS)
[MD5.AD9193D6E6486500DE761B70356FB56A] [WIS][12/07/2013] (.Google - Google Earth.) -- C:\Windows\Installer\125eb9c.msi [1319936]
[MD5.F978A143AAEB737FB867DC6D9F9F7060] [WIS][24/06/2010] (.Intel - Intel(R) Turbo Boost Technology Monitor.) -- C:\Windows\Installer\2c98a.msi [9069056]
[MD5.29D99CBFBB1AFC647AE7ED492BF84CEC] [WIS][28/01/2010] (.ATI Technologies, Inc. - ATI Catalyst Install Manager Installer (64 bit).) -- C:\Windows\Installer\30665.msi [6667264]
[MD5.F02CEB0F4B11AE653D77F610A637C9F3] [WIS][07/01/2010] (.ATI - Branding.) -- C:\Windows\Installer\3066a.msi [392192]
[MD5.C8786B9B24AF5D759FB6032256663BB3] [WIS][17/12/2009] (.SEIKO EPSON CORPORATION - Epson Event Manager.) -- C:\Windows\Installer\5499e9.msi [24360960]
~ WIS: 126 Legitimates Filtered in 00mn 21s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 23/04/2010 867360 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe
SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 27/03/2013 185688 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SS - | Auto 29/09/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/09/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 07/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SS - | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SR - | Auto 13/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 23s



---\\ Additional scan (O88)
Database Version : v2.12849 - (10/08/2013)
Keys found : 21
Values found : 1
Folders found : 7
Files found : 22

[HKLM\Software\Google\Chrome\Extensions\okkbcpjgdooahcefofhjdpacngfecaaa] =>Adware.AddLyrics^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\qvo6Software] =>Hijacker.Qvo6
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_53 =>PUP.Eorezo^
C:\Users\raphael\AppData\Roaming\Mozilla\Firefox\Profiles\xxrd5wzy.default\[email protected] =>Hijacker.HolaSearch^
C:\ProgramData\Software =>Adware.Boxore
C:\Users\raphael\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\raphael\AppData\Local\Software =>Adware.Boxore
C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam
C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla =>Hijacker.HolaSearch
C:\Users\raphael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkbcpjgdooahcefofhjdpacngfecaaa =>Adware.AddLyrics^
C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6^
[HKCU\Software\AppDataLow\Software\Lyrics_Fan] =>Adware.AddLyrics^
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive^
C:\Users\raphael\AppData\Local\Temp\Install_BubbleDock.exe =>Toolbar.BubbleDock^
C:\Users\raphael\AppData\Local\Temp\tbuTo0.dll =>Toolbar.Conduit^
C:\Users\raphael\AppData\Local\Temp\tbuTor.dll =>Toolbar.Conduit^
C:\Users\raphael\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Users\raphael\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch^
C:\Users\raphael\AppData\Local\Temp\WebplayerToolbar.exe =>Adware.SocialSkinz^
C:\Users\raphael\AppData\Local\Temp\ydetect.exe =>Toolbar.Yahoo^
C:\Users\raphael\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Users\raphael\AppData\Local\Temp\square_babylon.bmp =>PUP.SweetIM
C:\Users\raphael\AppData\Local\Temp\square_babylonv2.bmp =>PUP.SweetIM
C:\Users\raphael\AppData\Local\Temp\square_babylonv3.bmp =>PUP.SweetIM
C:\Users\raphael\AppData\Local\Temp\MyClaroTB.exe =>PUP.ClaroSearch
C:\Users\raphael\AppData\Local\Temp\square_lollipop.bmp =>Adware.Lollipop
C:\Users\raphael\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
~ Additional Scan: 339951 Items scanned in 00mn 43s



---\\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blo ... -addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blo ... acker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blo ... holasearch =>Hijacker.HolaSearch
~ http://nicolascoolman.webs.com/apps/blo ... pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blo ... up-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... nstallcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... lbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blo ... fesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blo ... bubbledock =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blo ... ocialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blo ... eexclusive =>Spyware.AgenceExclusive
~ http://nicolascoolman.webs.com/apps/blo ... re-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blo ... eltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blo ... lbar-wajam =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blo ... p-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blo ... larosearch =>PUP.ClaroSearch
~ http://nicolascoolman.webs.com/apps/blo ... e-lollipop =>Adware.Lollipop
~ MSI: 24 link(s) detected in 00mn 43s



~ 1193 Legitimates filtered by white list
End of the scan (584 lines in 04mn 22s)(0)
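What a reader should take from the ZHPDiag report above is less the family names than the persistence and hijack points it exposes: the O68 browser "open" commands that launch the browser with http://www.qvo6.com appended, the O69 DefaultScope redirected to search.qvo6.com, an O51 MountPoints2 AutoRun command left behind by a removable drive, and O87 inbound firewall allow rules for programs that no longer exist. The Python below is an added example, not part of the post and not ZHPDiag's own logic: it applies those four checks to report lines. Its sample text is constructed (the flagged lines are copied from the report, the two clean control lines are made up for contrast), and the allowlist of expected search hosts and the severity ranking are assumptions of the example.

```python
"""Triage of ZHPDiag-style report lines (O68, O69, O51, O87).

Added example, not part of the original post and not ZHPDiag's own logic.
SAMPLE_REPORT is constructed: the hijacked lines are copied from the report,
the two "clean" control lines are made up. EXPECTED_SEARCH_HOSTS and the
severity labels are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

SAMPLE_REPORT = r"""
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <CHROME.EXE> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc..) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6
O51 - MPSK:{33fcfd7b-5903-11e2-8d38-88ae1d00d2d2}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O87 - FAEL: "TCP Query User{F00DE50B-D118-4F31-B20A-4AFD4A71BF43}C:\program files (x86)\shareaza\shareaza.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 - FAEL: "Mozilla Firefox (TCP-In)" |In - Private - P6 - TRUE | .(.Mozilla.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
# Assumption: search scopes a user would have chosen on purpose on this machine.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.fr"}


@dataclass
class Finding:
    tag: str        # ZHPDiag record type, e.g. "O68"
    severity: str   # "high" or "medium" (assumed ranking)
    reason: str
    line: str


def _command_part(line: str) -> str:
    """ZHPDiag writes the path or command after ' -- '."""
    return line.partition(" -- ")[2]


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    tag = line[:3]
    if tag == "O68":
        # Browser "open" command: whatever follows the .exe path is an argument,
        # and a legitimate launcher passes no URL there.
        m = re.search(r'\.exe"?\s+(.+?)(?:\s+=>|$)', _command_part(line))
        if m and URL_RE.search(m.group(1)):
            return Finding(tag, "high", "browser open command carries a URL: " + m.group(1), line)
    elif tag == "O69" and "[DefaultScope]" in line:
        m = URL_RE.search(line)
        host = (urlparse(m.group(0)).hostname or "") if m else ""
        if host not in EXPECTED_SEARCH_HOSTS:
            return Finding(tag, "high", f"default search scope points at {host!r}", line)
    elif tag == "O51":
        # MountPoints2 remembers AutoRun commands seen on removable media.
        return Finding(tag, "medium", "MountPoints2 AutoRun command: " + _command_part(line), line)
    elif tag == "O87" and "|In -" in line and "- TRUE |" in line and "(.not file.)" in line:
        return Finding(tag, "medium", "enabled inbound allow rule for a program that no longer exists", line)
    return None


def triage_report(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summary(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage_report(SAMPLE_REPORT)
    for f in found:
        print(f"[{f.severity:6}] {f.tag}: {f.reason}")
    print(summary(found))
```

Run it as a script, or pass a whole report to `triage_report()`. The O68 rule is the decisive one on this machine: a StartMenuInternet open command takes no URL argument, so any URL there is a hijack regardless of which domain it names.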



Malekal_morte
Posts: 113214
Joined: 10 Sep 2005 13:57

Re: coupon drop down

by Malekal_morte »

Hi,

Run an OTL scan to diagnose the programs that are running and detect infections. The program will generate two reports, OTL.txt and Extras.txt.
Provide both reports:

You can follow the instructions on this page for help: https://www.malekal.com/2010/11/12/tutorial-otl/

* Download http://oldtimer.geekstogo.com/OTL.exe to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

If you use Avast!, do not run the program in the Sandbox (see the help link above).

* Launch OTL
* At the top right of Quick Scan, tick "All Users"
* In OTL, under Custom Scans/Fixes, copy and paste the script below:



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Click the Run Scan button.

* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extras.txt if present).
Post the pjjoint link(s) to these reports here in a new message.
I repeat: post the pjjoint link to the report here in a new message.

DO NOT COPY/PASTE THE REPORT HERE - POST THE PJJOINT LINK IN A NEW MESSAGE
First basic security rule: think, then click, not the other way round. Files and programs are like sweets: when they come from a stranger, you don't accept them!
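The O68 entries in the report are the registry side of the qvo6 hijack; the same URL is normally also stuffed into the command-line arguments of the browser's .lnk shortcuts, which is why cleaners rewrite those files. The Python below is an added example, not code from the post, AdwCleaner or ZHPDiag: it parses the Shell Link binary format (MS-SHLLINK) directly, reports a URL hidden in a shortcut's arguments, and can walk a set of .lnk paths. The two shortcuts it checks are built in memory for the demonstration, so it runs on any OS.

```python
"""Detect the browser-shortcut hijack behind the O68 lines: a .lnk whose
command-line arguments smuggle a URL such as http://www.qvo6.com.

Added example; not code from the forum post, AdwCleaner or ZHPDiag. It reads
the Shell Link format (MS-SHLLINK) itself, so it runs on any OS; the sample
shortcuts are constructed in memory, not read from a disk.
"""
import re
import struct
from pathlib import Path
from typing import Dict, Iterable, Optional

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}, little-endian
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 1 << 0, 1 << 1
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 1 << 2, 1 << 3, 1 << 4
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 1 << 5, 1 << 6, 1 << 7
# StringData entries appear in this fixed order when their flag is set.
STRING_DATA = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
               ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
               ("icon_location", HAS_ICON_LOCATION))
URL_RE = re.compile(r"(?:https?://|www\.)[^\s\"']+", re.I)


def parse_lnk(data: bytes) -> Dict[str, Optional[str]]:
    """Return the StringData fields of a .lnk (None for the absent ones)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                          # fixed header size
    fields: Dict[str, Optional[str]] = {}
    try:
        if flags & HAS_LINK_TARGET_ID_LIST:           # 2-byte IDListSize, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:                     # LinkInfoSize counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        for name, bit in STRING_DATA:
            if not flags & bit:
                fields[name] = None
                continue
            count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
            pos += 2
            width = 2 * count if flags & IS_UNICODE else count
            raw = data[pos:pos + width]
            if len(raw) != width:
                raise ValueError("truncated StringData")
            fields[name] = raw.decode("utf-16-le") if flags & IS_UNICODE else raw.decode("cp1252", errors="replace")
            pos += width
    except struct.error as exc:
        raise ValueError("truncated Shell Link") from exc
    return fields


def hijacked_url(data: bytes) -> Optional[str]:
    """URL found in the shortcut's command-line arguments, else None."""
    args = parse_lnk(data)["arguments"]
    m = URL_RE.search(args) if args else None
    return m.group(0) if m else None


def scan_shortcuts(paths: Iterable[Path]) -> Dict[str, str]:
    """Map each hijacked .lnk path to the URL it injects; unreadable files are skipped."""
    hits: Dict[str, str] = {}
    for p in paths:
        try:
            url = hijacked_url(Path(p).read_bytes())
        except (OSError, ValueError):
            continue
        if url:
            hits[str(p)] = url
    return hits


def build_lnk(relative_path: str, arguments: Optional[str] = None) -> bytes:
    """Constructed minimal shortcut (no IDList, no LinkInfo) used as sample input."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE | (HAS_ARGUMENTS if arguments is not None else 0)
    # HeaderSize, CLSID, LinkFlags, FileAttributes(ARCHIVE), 3 timestamps, FileSize,
    # IconIndex, ShowCommand(SW_SHOWNORMAL), HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def sd(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd(relative_path) + (sd(arguments) if arguments is not None else b"")


if __name__ == "__main__":
    target = r"..\..\..\Program Files (x86)\Mozilla Firefox\firefox.exe"
    for label, blob in (("hijacked", build_lnk(target, "http://www.qvo6.com")),
                        ("clean", build_lnk(target))):
        print(f"{label}: arguments={parse_lnk(blob)['arguments']!r} url={hijacked_url(blob)!r}")
```

On a real machine you would hand `scan_shortcuts()` the .lnk files under the Desktop, Start Menu and Quick Launch folders; a browser shortcut has no business carrying a URL argument at all, so the check does not need to know the hijacker's domain in advance.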
