Possible infection - Portable HP G72 Windows 7 64 Familiale

[bouna]

Bonjour,
Je viens d’hériter d’un nouvel ordi Portable HP G72 avec Win 7 64 Edition familiale et 3 Go de Ram..mais très très lent comme un très très vieux limaçon très très fatigué !

Et pour cause...le rapport d’Awcleaner ci-joint est long...comme au moins deux bras !!


J’ai tout supprimé mais il est presque toujours aussi lent . Je fais quoi ? J'attends les consignes...

Merci


http://pjjoint.malekal.com/files.php?id ... 4p5h7h9n13

[Malekal_morte]

Salut,

Fais nettoyer sur AdwCleaner.


puis :

Suis le tutoriel FRST.
(et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à  ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.

[bouna]

Bonjour,

Voici comme demandé
Rapport FRST Lea http://pjjoint.malekal.com/files.php?id ... 10l11t7h10
Rapport Addition Lea http://pjjoint.malekal.com/files.php?id ... y6d6j10j14
Rapport Shortcut Lea http://pjjoint.malekal.com/files.php?id ... e7v7h9q9w8

Merci

[Malekal_morte]

Deux antivirus, Un est en trop.
Désinstalle Microsoft Security Essentials
Je te conseille aussi de désinstaller Spybot.

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

Voici la correction à  effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

S2 ClassKernelRecycle.exe; C:\Users\Léa\AppData\Local\ClassKernelRecycle\ClassKernelRecycle.exe [X]
S2 finderword_86.exe; C:\Users\Léa\AppData\Local\finderword_86\finderword_86.exe [X]
S2 GammaMethodRecycle.exe; C:\Users\Léa\AppData\Local\GammaMethodRecycle\GammaMethodRecycle.exe [X]
S2 scrollingplaysndsrvProvider.exe; C:\Users\Léa\AppData\Local\scrollingplaysndsrvProvider\scrollingplaysndsrvProvider.exe [X]
S2 Update Krab Web; C:\Program Files (x86)\Krab Web\updateKrabWeb.exe [X]
S2 Update ToggleMark; C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [X]
S2 Util ToggleMark; C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe [X]
2015-07-28 14:53 - 2015-01-14 21:10 - 00000112 _____ C:\ProgramData\EYaodqR.dat
2015-07-28 17:05 - 2015-01-08 21:22 - 00000000 ____D C:\Users\Léa\AppData\Roaming\Compatibility Verifier
2015-07-28 17:01 - 2011-01-16 21:53 - 00000000 ____D C:\Users\Léa
2015-07-28 16:56 - 2015-01-09 21:55 - 00000000 ____D C:\Program Files (x86)\Flwsrf
2015-01-06 19:50 - 2015-01-06 19:50 - 0022528 _____ () C:\Users\Léa\AppData\Local\dsisetup26971942.exe
2012-02-22 01:38 - 2012-02-22 01:38 - 0005325 _____ () C:\Users\Léa\AppData\Local\JunkAtx18.bin
2012-02-21 14:01 - 2012-02-21 14:01 - 0000051 _____ () C:\Users\Léa\AppData\Local\Kosong.Bron.Tok.txt
2015-01-08 15:50 - 2015-01-08 15:50 - 0498688 _____ () C:\Users\Léa\AppData\Local\upd3640376.exe


Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
* Internet Explorer et modules complémentaires / moteurs de recherche : http://forum.malekal.com/
* Firefox : http://forum.malekal.com/firefox-extens ... 36057.html
* Google Chrome : http://forum.malekal.com/google-chrome- ... 35837.html

[bouna]

Bonjour, Malekal

Hier après midi, en attendant ta réponse, j’avais vu pour Spyboot et Microsoft essentiels et supprimé les deux.

Et j’ai eu un message d’Avast Internet Security que j’avais installé et qui avait detecté 2 Rookit : Krab et Tooglemark ; j’avais donc aussi supprimé ces deux bestioles...et aussi un certain nombres d’utilitaires HP inutiles...pour faire de la place...et aussi Ccleaner qui m’a libéré 3 Go ( !!!)...et supprimé Java...et mis à jour Flash Player...et installé 5 maj securité sur Win update... etc...

Concernant le Fix de FRST, il est donc normal qu’il indique « not found » pour Krab et Tooglemark.
En revanche, il n’a pas trouvé ClassKerne, Finderword, GammamethodeRecycle et ScrollingplaysndsrvProvider.exe. C’est embêtant ? Autre chose à faire ?

Voici le rapport Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Léa (2015-07-30 10:42:55) Run:1
Running from C:\Users\Léa\Desktop
Loaded Profiles: Léa (Available Profiles: Léa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S2 ClassKernelRecycle.exe; C:\Users\Léa\AppData\Local\ClassKernelRecycle\ClassKernelRecycle.exe [X]
S2 finderword_86.exe; C:\Users\Léa\AppData\Local\finderword_86\finderword_86.exe [X]
S2 GammaMethodRecycle.exe; C:\Users\Léa\AppData\Local\GammaMethodRecycle\GammaMethodRecycle.exe [X]
S2 scrollingplaysndsrvProvider.exe; C:\Users\Léa\AppData\Local\scrollingplaysndsrvProvider\scrollingplaysndsrvProvider.exe [X]
S2 Update Krab Web; C:\Program Files (x86)\Krab Web\updateKrabWeb.exe [X]
S2 Update ToggleMark; C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [X]
S2 Util ToggleMark; C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe [X]
2015-07-28 14:53 - 2015-01-14 21:10 - 00000112 _____ C:\ProgramData\EYaodqR.dat
2015-07-28 17:05 - 2015-01-08 21:22 - 00000000 ____D C:\Users\Léa\AppData\Roaming\Compatibility Verifier
2015-07-28 17:01 - 2011-01-16 21:53 - 00000000 ____D C:\Users\Léa
2015-07-28 16:56 - 2015-01-09 21:55 - 00000000 ____D C:\Program Files (x86)\Flwsrf
2015-01-06 19:50 - 2015-01-06 19:50 - 0022528 _____ () C:\Users\Léa\AppData\Local\dsisetup26971942.exe
2012-02-22 01:38 - 2012-02-22 01:38 - 0005325 _____ () C:\Users\Léa\AppData\Local\JunkAtx18.bin
2012-02-21 14:01 - 2012-02-21 14:01 - 0000051 _____ () C:\Users\Léa\AppData\Local\Kosong.Bron.Tok.txt
2015-01-08 15:50 - 2015-01-08 15:50 - 0498688 _____ () C:\Users\Léa\AppData\Local\upd3640376.exe

*****************

ClassKernelRecycle.exe => service not found.
finderword_86.exe => service not found.
GammaMethodRecycle.exe => service not found.
scrollingplaysndsrvProvider.exe => service not found.
Update Krab Web => service not found.
Update ToggleMark => service not found.
Util ToggleMark => service not found.
C:\ProgramData\EYaodqR.dat => moved successfully.
C:\Users\Léa\AppData\Roaming\Compatibility Verifier => moved successfully.
"C:\Users\Léa" => Warning: FRST is scripted not to move this directory.
C:\Program Files (x86)\Flwsrf => moved successfully.
C:\Users\Léa\AppData\Local\dsisetup26971942.exe => moved successfully.
C:\Users\Léa\AppData\Local\JunkAtx18.bin => moved successfully.
C:\Users\Léa\AppData\Local\Kosong.Bron.Tok.txt => moved successfully.
C:\Users\Léa\AppData\Local\upd3640376.exe => moved successfully.

==== End of Fixlog 10:42:56 ====

[Malekal_morte]

Pour voir si tu n'as pas le problème des fichiers sys corrompus :


Passe un coup de SFC (System File Check) :
=> http://forum.malekal.com/sfc-outils-ver ... 50094.html
Fais passer le rapport CBS.log via http://pjjoint.malekal.com

[bouna]

Oups... je viens de faire un scan MBAM qui trouve 96 bestioles, la plupart pas bien méchantes, mais à priori, 2 vilaines bêtes qui apparaissent en rouge : Trozan.ZBAgent.NS et Rogue Multiple.

Rapport mbam ci joint

Je fais un SFC comme demandé

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Date de l'analyse: 30/07/2015
Heure de l'analyse: 12:21
Fichier journal: Rapport MBAM Lea.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.07.30.02
Base de données de rootkits: v2015.07.29.02
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Léa

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 375832
Temps écoulé: 27 min, 12 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 43
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [03e76c7b4743c96d1df795f859a954ac],
PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [03e76c7b4743c96d1df795f859a954ac],
PUP.Optional.Amonetize.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000_Classes\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [55957f6826645ed88832ae1c13ef54ac],
PUP.Optional.Amonetize.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000_Classes\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [55957f6826645ed88832ae1c13ef54ac],
PUP.Optional.Snapdo.T, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [8664687fbbcf181e4ace9534be44c13f],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.6, , [b8329e49791154e23fec65c644bf21df],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [8c5e25c2b1d96dc946813ad6db287f81],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6818F6FB-6270-4DE8-9827-40E852111F2A}, , [905a4d9af298fa3c0671db5c2fd43fc1],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [c2287b6c4a4066d0f51cd1cdce36629e],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\CinemaHd For Pro 2.4cV21.12, , [fceede09b5d5181e7cbc9982b84bdd23],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [25c500e73b4f1f17e8f3a1f5f80c9c64],
PUP.Optional.ICinema.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\I - Cinema-nv-ie, , [af3b24c3c8c271c52f2260d50ff4857b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12902796-653A-4479-BB34-94BFA471FC34}, , [d317dd0ac4c6ce68d5671e7b54b050b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B822BF1-D5A5-4B7C-83C4-305D509BB25A}, , [09e17473e2a8e650162621787e8658a8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{224F2571-25CE-4242-B727-ED79EEEB8C7E}, , [d01a984fb9d1fa3ca695b7e257adec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{22DD0233-C7A9-4F5B-8AE1-D576B1BB1E6B}, , [ebff4e992e5ce551b18b56437a8a7d83],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23379515-5EB4-4614-B783-1DEF5F736A53}, , [bf2b46a12a60f14559e2cbce0ef616ea],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{296FD2B5-A461-4615-B8C9-B9ABEAB174F0}, , [36b47a6d216959dd340845549a6ae719],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A664825-D552-45D0-B588-9743EEF8F615}, , [4d9dcc1bf59539fd64d7f6a33bc922de],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4313E831-96B5-44AD-8151-1CF452E946FB}, , [4b9fecfb0e7cad89d269fe9bcf354eb2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4735C14E-AECA-4D69-9A42-BB4B4B669B6C}, , [03e76a7d8604e353d16baeebf2128779],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4847D636-B09B-4663-A929-A3B86BAD92DE}, , [866434b32862de58211a1980d2322bd5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4AF323A4-6B8C-47ED-B1D5-4EDDC3C2C2D8}, , [7476509789019b9b4cf0c7d2ff059d63],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4AFB42AD-FFEB-43D4-B546-77E2AD7278BF}, , [a7433aad81090c2a59e29ffa20e4ed13],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{566839A0-3491-4273-90AE-BA1AB66825D8}, , [e00a9b4ce1a9072f24179801d133758b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{607D6F1E-1D7C-438E-822C-6BDE32CBA0D3}, , [8c5e5b8cd3b7ce6873c9a2f764a0d32d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69D962BF-3F18-4957-8FAC-18A946F5D6DD}, , [33b75b8c4a4081b50735cdcc7193857b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6F835086-6F85-4165-9F39-BC23D7456F30}, , [d9118c5bf8924aec12290891d52f35cb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E0ECDF4-4A02-4BD4-8A55-F053B8EA4536}, , [f7f3eafde0aa76c086b50f8a3dc7e917],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A918ED54-A88E-49EB-97D5-834C9D926E9E}, , [98524f98e5a58da91427e3b648bc59a7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AACE3623-BC9F-42C9-9A25-78D671196A13}, , [cb1f2fb87a103cfacc7098019b696799],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE65839C-A521-4C89-8F3C-F73961DF8B6D}, , [c624588ff99175c1b7847623a163f709],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B13041B1-F273-4168-ACB4-2C77578C6182}, , [13d754932c5ec175e15a15844eb6ff01],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B26B2F9F-678F-4528-866A-DF7BCE3FD987}, , [26c4faed82089f9788b34d4ccc38c33d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9430C01-910B-408D-A4A1-113177138719}, , [f8f2f0f72a60e1551b214356d2329a66],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB2F7EB3-CA24-45D0-85D1-7E1238508267}, , [b33777708cfecb6b63d87c1d3ec6f20e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D275277A-252C-424C-B79A-F29ACFA04BCC}, , [06e464835d2d38fe9d9e7524e61e8d73],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E612C963-A348-4171-B535-555A5C5DED6E}, , [da1034b3ff8b2115fc408316798beb15],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7ABD75F-962B-4756-BCE9-B9965F223D59}, , [9c4ed01766242e088fad16838e76639d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70C2055-ABE0-4D92-AA5D-E27853E965BA}, , [608a1fc897f3e353fb412970689c1ce4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB50381C-4D3E-48D0-BE98-174961DEB386}, , [03e7f9ee3852d95d09336b2e2bd9718f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FE3E0FB8-9BA4-4AF9-9325-C88A7C3828A2}, , [aa4025c28efce94d122a7f1af1130df3],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\SMARTBAR, , [a04a8a5da6e4c571751daadcf31105fb],

Valeurs du registre: 35
PUP.Optional.Groovorio.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Groovorio\\, , [d317747382084ceadee4e42c44bf6a96]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_fr_341, , [ac3ed2157a10f3434b3d44049172c23e],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6818F6FB-6270-4DE8-9827-40E852111F2A}|Publisher, Linkury Inc., , [757538af92f8eb4b6346faaa7292e818]
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... earchTerms}, , [6b7fc2255f2bac8adfdc088cb64e7d83]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12902796-653A-4479-BB34-94BFA471FC34}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [d317dd0ac4c6ce68d5671e7b54b050b0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B822BF1-D5A5-4B7C-83C4-305D509BB25A}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [09e17473e2a8e650162621787e8658a8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{224F2571-25CE-4242-B727-ED79EEEB8C7E}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [d01a984fb9d1fa3ca695b7e257adec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{22DD0233-C7A9-4F5B-8AE1-D576B1BB1E6B}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [ebff4e992e5ce551b18b56437a8a7d83]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23379515-5EB4-4614-B783-1DEF5F736A53}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [bf2b46a12a60f14559e2cbce0ef616ea]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{296FD2B5-A461-4615-B8C9-B9ABEAB174F0}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [36b47a6d216959dd340845549a6ae719]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A664825-D552-45D0-B588-9743EEF8F615}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [4d9dcc1bf59539fd64d7f6a33bc922de]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4313E831-96B5-44AD-8151-1CF452E946FB}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [4b9fecfb0e7cad89d269fe9bcf354eb2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4735C14E-AECA-4D69-9A42-BB4B4B669B6C}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [03e76a7d8604e353d16baeebf2128779]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4847D636-B09B-4663-A929-A3B86BAD92DE}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [866434b32862de58211a1980d2322bd5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4AF323A4-6B8C-47ED-B1D5-4EDDC3C2C2D8}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [7476509789019b9b4cf0c7d2ff059d63]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4AFB42AD-FFEB-43D4-B546-77E2AD7278BF}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [a7433aad81090c2a59e29ffa20e4ed13]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{566839A0-3491-4273-90AE-BA1AB66825D8}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [e00a9b4ce1a9072f24179801d133758b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{607D6F1E-1D7C-438E-822C-6BDE32CBA0D3}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [8c5e5b8cd3b7ce6873c9a2f764a0d32d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69D962BF-3F18-4957-8FAC-18A946F5D6DD}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [33b75b8c4a4081b50735cdcc7193857b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6F835086-6F85-4165-9F39-BC23D7456F30}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [d9118c5bf8924aec12290891d52f35cb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E0ECDF4-4A02-4BD4-8A55-F053B8EA4536}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [f7f3eafde0aa76c086b50f8a3dc7e917]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A918ED54-A88E-49EB-97D5-834C9D926E9E}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [98524f98e5a58da91427e3b648bc59a7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AACE3623-BC9F-42C9-9A25-78D671196A13}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [cb1f2fb87a103cfacc7098019b696799]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE65839C-A521-4C89-8F3C-F73961DF8B6D}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [c624588ff99175c1b7847623a163f709]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B13041B1-F273-4168-ACB4-2C77578C6182}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [13d754932c5ec175e15a15844eb6ff01]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B26B2F9F-678F-4528-866A-DF7BCE3FD987}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [26c4faed82089f9788b34d4ccc38c33d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9430C01-910B-408D-A4A1-113177138719}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [f8f2f0f72a60e1551b214356d2329a66]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB2F7EB3-CA24-45D0-85D1-7E1238508267}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [b33777708cfecb6b63d87c1d3ec6f20e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D275277A-252C-424C-B79A-F29ACFA04BCC}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-buttonutil.exe, , [06e464835d2d38fe9d9e7524e61e8d73]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E612C963-A348-4171-B535-555A5C5DED6E}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [da1034b3ff8b2115fc408316798beb15]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7ABD75F-962B-4756-BCE9-B9965F223D59}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [9c4ed01766242e088fad16838e76639d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70C2055-ABE0-4D92-AA5D-E27853E965BA}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [608a1fc897f3e353fb412970689c1ce4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB50381C-4D3E-48D0-BE98-174961DEB386}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [03e7f9ee3852d95d09336b2e2bd9718f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FE3E0FB8-9BA4-4AF9-9325-C88A7C3828A2}|AppName, 42e9de57-02c1-480e-8061-84a91ff23dff-2.exe-codedownloader.exe, , [aa4025c28efce94d122a7f1af1130df3]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3780714422-1700843158-1565743124-1000\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, , [a04a8a5da6e4c571751daadcf31105fb]

Données du registre: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... earchTerms}, Bon : (http://www.google.com), Mauvais : (http://feed.snapdo.com/?p=mKO_AwFzXIpYR ... earchTerms}),,[bc2eac3b6d1dc76f52ec36ff8283d030]

Dossiers: 1
Rogue.Multiple, C:\ProgramData\374311380, , [9555f6f19eec072f5a0b08c39d65c33d],

Fichiers: 16
PUP.Optional.BubbleDock.A, C:\Users\Public\4B364BB14BA34890ABBB3A4311612C53\Install_BubbleDock.exe, , [f8f2b5324545de5814407b8e679a52ae],
Trojan.ZBAgent.NS, C:\Users\Public\4DB908B87B7F4D03B1B481546E1D8D67\plugin_0.0.8.exe, , [0bdf915673178ea82024182e32cfa25e],
PUP.Optional.OutBrowse, C:\Users\Public\C6A2A4FA84F245FD8D78C899725271DE\setup.exe, , [a743a740c0cac6707d515be6a9581ae6],
PUP.Optional.Amonetize, C:\Users\Léa\AppData\Local\17963\a13525.exe, , [9753a93e2466d363735f59db22df26da],
PUP.Optional.SnapDo.A, C:\Windows\Installer\128e654.msi, , [f7f3f8ef375356e09aebbf6cac55857b],
PUP.Optional.SmartBar.A, C:\Windows\Installer\b85e4.msi, , [d317f1f68ffb78be2d3ea6701de8738d],
PUP.Optional.SweetIM, C:\Windows\Installer\b9caf6.msi, , [23c7b6316e1c6acc8a3a3d28de2746ba],
PUP.Optional.SweetIM, C:\Windows\Installer\b9cafd.msi, , [f2f8cb1c2f5b2f07c103560f41c43fc1],
PUP.Optional.SweetIM, C:\Windows\Installer\b9cb04.msi, , [2dbd6780dab04aec279d3b2a10f5c23e],
PUP.Optional.SweetIM, C:\Windows\Installer\b9cb0b.msi, , [8f5b786fbbcf87af398b234233d29d63],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI411E.tmp-\Smartbar.Installer.CustomActions.dll, , [5e8c5a8d2c5e2d09ee22d45cb24e5aa6],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI60F6.tmp-\Smartbar.Installer.CustomActions.dll, , [98528d5aa1e9270fa86871bf9b655fa1],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIC95B.tmp-\Smartbar.Installer.CustomActions.dll, , [3dad5f8895f5c1750f01ed43e41c21df],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIE9AD.tmp-\Smartbar.Installer.CustomActions.dll, , [24c65295127801359977939d7789916f],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\temp_272f7b2b-7f2b-4f5f-bd15-0db33c94182c.job, , [2ebcd017662492a4890c04899e66d42c],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_272f7b2b-7f2b-4f5f-bd15-0db33c94182c, , [06e41bcc602aef4732644449699b4bb5],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

[bouna]

Comme demandé, voici le lien du Rapport CBS

http://pjjoint.malekal.com/files.php?id ... 13b6x11k12

[Malekal_morte]

SFC correcte, reste quoi comme problème ?

[bouna]

Plus de problème, Malekal, NI-KEL, tout roule !
Ca vaut bien un petit don...

[Malekal_morte]

Voila, c'est terminé, tu peux supprimer les programmes utilisés.

Quelques conseils :


Pour prévenir les sites malicieux, tu peux installer Blockulicious : http://forum.malekal.com/blockulicious- ... 46656.html


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
(Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)


Le reste de la sécurité : http://forum.malekal.com/comment-securi ... ateur.html