FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer help and security site

Disinfection help (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: mutual help with disinfection and computer security: in case of unwanted advertising, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection is assured: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and staff are allowed to give help in this section.
Please also read the forum's general charter.
by jcdesrochers
#78122
My computer is infested with do-search. Scanned with Malwarebytes Anti-Malware Pro: no result. Scanned with AdwCleaner: do-search is still taunting me. I need help. Thanks in advance.
by 2011N2
#78145
Hello,

Could you post the MBAM report (in the software's Reports/Logs tab) and the AdwCleaner report (under C:\AdwCleaner[S0].txt), please?

Thanks.

Gabriel.
by jcdesrochers
#78267
Yes, I have these reports
# AdwCleaner v3.012 - Report created 21/11/2013 at 14:17:19
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : jean-claude - JC
# Running from : C:\Users\jean-claude\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\Extensions\{1ae0e3eb-2207-4ee4-90df-892b99ba4b9c}
Folder Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\Extensions\{8e2479de-6096-41f3-90ab-83be9946aa2d}
Folder Found : C:\Program Files (x86)\Common Files\337
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\InternetHelper3.7
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\Searchprotect
Folder Found : C:\Program Files (x86)\WinZipper
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\Searchprotect
Folder Found : C:\Users\JEAN-C~1\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\JEAN-C~1\AppData\Local\Temp\Desk365
Folder Found : C:\Users\jean-claude\AppData\Local\Conduit
Folder Found : C:\Users\jean-claude\AppData\Local\Searchprotect
Folder Found : C:\Users\jean-claude\AppData\LocalLow\Conduit
Folder Found : C:\Users\jean-claude\AppData\LocalLow\InternetHelper3.7
Folder Found : C:\Users\jean-claude\AppData\LocalLow\PriceGong
Folder Found : C:\Users\jean-claude\AppData\Roaming\iSafe
Folder Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\CT3315828
Folder Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\CT3316660
Folder Found : C:\Users\jean-claude\AppData\Roaming\Searchprotect
File Found : C:\END
File Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\searchplugins\Conduit.xml
File Found : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\WINDOWS\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper3.7
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298581
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3316660
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\Software\hdcode
Key Found : HKLM\Software\InternetHelper3.7
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72627B5C-D018-450D-B8D8-EA14EA31CD90}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CEC04CA-41B5-454A-B133-F29A613A1710}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B052E68E-A114-4480-B416-C8E617D346A9}
Key Found : HKLM\Software\V9
Key Found : HKLM\Software\winzipersvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (fr)

[ File : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\prefs.js ]

Line Found : user_pref("CT3315828.FF19Solved", "true");
Line Found : user_pref("CT3315828.UserID", "UN26142758201061474");
Line Found : user_pref("CT3315828.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3315828.fullUserID", "UN26142758201061474.IN.20131115185618");
Line Found : user_pref("CT3315828.installDate", "15/11/2013 18:56:21");
Line Found : user_pref("CT3315828.installSessionId", "{21456E3B-5553-46D6-827D-F10994571B23}");
Line Found : user_pref("CT3315828.installSp", "TRUE");
Line Found : user_pref("CT3315828.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3315828.keyword", "true");
Line Found : user_pref("CT3315828.originalHomepage", "hxxp://do-search.com/?type=hpts=1384553232from=airuid=TOSHIBAXMQ01ABD075_13TCFCXASXX13TCFCXAS");
Line Found : user_pref("CT3315828.originalSearchAddressUrl", "");
Line Found : user_pref("CT3315828.originalSearchEngine", "do-search");
Line Found : user_pref("CT3315828.originalSearchEngineName", "do-search");
Line Found : user_pref("CT3315828.searchRevert", "false");
Line Found : user_pref("CT3315828.searchUninstallUserMode", "2");
Line Found : user_pref("CT3315828.searchUserMode", "2");
Line Found : user_pref("CT3315828.smartbar.homepage", "true");
Line Found : user_pref("CT3315828.toolbarInstallDate", "15-11-2013 18:56:18");
Line Found : user_pref("CT3315828.versionFromInstaller", "10.22.3.18");
Line Found : user_pref("CT3315828.xpeMode", "0");
Line Found : user_pref("CT3316660.FF19Solved", "true");
Line Found : user_pref("CT3316660.UserID", "UN29930082081054615");
Line Found : user_pref("CT3316660.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3316660.fullUserID", "UN29930082081054615.IN.20131025212423");
Line Found : user_pref("CT3316660.installDate", "25/10/2013 21:24:31");
Line Found : user_pref("CT3316660.installSessionId", "{761D42B8-6DA1-4311-9790-141E02EE9E90}");
Line Found : user_pref("CT3316660.installSp", "FALSE");
Line Found : user_pref("CT3316660.installerVersion", "1.8.0.14");
Line Found : user_pref("CT3316660.keyword", "true");
Line Found : user_pref("CT3316660.originalHomepage", "abouthome");
Line Found : user_pref("CT3316660.originalSearchAddressUrl", "");
Line Found : user_pref("CT3316660.originalSearchEngine", "Bing");
Line Found : user_pref("CT3316660.originalSearchEngineName", "Bing");
Line Found : user_pref("CT3316660.searchRevert", "false");
Line Found : user_pref("CT3316660.searchUserMode", "2");
Line Found : user_pref("CT3316660.smartbar.homepage", "true");
Line Found : user_pref("CT3316660.toolbarInstallDate", "25-10-2013 21:24:24");
Line Found : user_pref("CT3316660.versionFromInstaller", "10.21.1.7");
Line Found : user_pref("CT3316660.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3316660octid=CT3316660SearchSource=61CUI=UN29930082081054615UM=2UP=SP714411F3-39D6-4306-A81E-B915C40DA890");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultenginename", "InternetHelper3.7 Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.7 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828CUI=UN26142758201061474UM=2SearchSource=3q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "InternetHelper3.7 Customized Web Search");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828SearchSource=2CUI=UN26142758201061474UM=2q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3316660CUI=UN29930082081054615UM=2SearchSource=13,hxxp://search.conduit.com/?ctid=CT3316660CUI=UN29930082081054615UM=2[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316660SearchSource=2CUI=UN29930082081054615UM=2q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.machineId", "IQIIJKHHC56T/5ZSITP9WBOCZUYR+A3SSK6L901RAP9CXUTTSLUVQ3TIZRCZ7I+NM8YNBRQC+7BLRM72ZG66QA");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3316660CUI=UN29930082081054615UM=2SearchSource=13UP=SP714411F3-39D6-4306-A81E-B915C40DA890");

-\\ Google Chrome v

[ File : C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10780 bytes] - [21/11/2013 14:17:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10841 bytes] ##########
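The report above is a scan-only report (file [R0], "Option : Scanner"): every line is something AdwCleaner found, not something it removed, and the [S0] clean report the helper asked for is only written after Clean has been run. The script below is an added example, not part of this thread and not AdwCleaner's own code. It reads a constructed excerpt of the report's lines (French labels, including one line that lost its colon in the paste), sorts each finding by the autostart or browser hook it abuses (Run key, scheduled task, IE BHO, URLSearchHook, Protected Mode elevation policy, extension folder, Firefox user.js), flags Firefox search prefs whose URL host or engine name is outside an assumed trusted list, and groups each Conduit toolbar's CT<id>.original* prefs so the install order becomes visible: CT3316660 installed over Bing on 25/10/2013, and by the time CT3315828 installed on 15/11/2013 the homepage and search engine were already do-search. The trusted-host and trusted-engine sets and the pattern list are assumptions for the example.

```python
"""Triage an AdwCleaner v3 scan report: sort findings by the persistence or
injection point they abuse, flag Firefox search prefs that point at an
untrusted host, and collect each Conduit toolbar's "original*" prefs into a
timeline. Added example, not part of the forum thread or of AdwCleaner."""
import re
from collections import defaultdict

# Labels as AdwCleaner v3 prints them (French build, as in the report above,
# and English build). The colon is optional because some pasted lines lost it.
FINDING_RE = re.compile(
    r"^(?:Dossier Présent|Folder Found|Fichier Présent|File Found|Clé Présente|Key Found|"
    r"Valeur Présente|Value Found|Ligne Trouvée|Line Found)\s*:?\s*(?:\[x64\]\s*)?(.+?)\s*$")
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')
HOST_RE = re.compile(r'h(?:xx|tt)ps?://([^/\s"]+)', re.I)  # hxxp:// is defanged http://

# Where a hijacker hooks in, matched against the path or registry key; first match wins.
PERSISTENCE = [
    (r"\\CurrentVersion\\Run(?:Once)?\b", "autostart: Run key"),
    (r"\\System32\\Tasks\\", "autostart: scheduled task"),
    (r"\\Browser Helper Objects\\", "IE: BHO, a DLL loaded into every IE process"),
    (r"\\URLSearchHooks", "IE: URL search hook for address-bar searches"),
    (r"\\Low Rights\\ElevationPolicy\\", "IE: Protected Mode elevation policy (binary may run outside the low-integrity sandbox)"),
    (r"\\Extensions\\", "browser extension"),
    (r"\\user\.js$", "Firefox: user.js, re-applied over prefs.js at every start"),
]
TRUSTED_HOSTS = {"www.google.com", "www.bing.com"}  # assumption: what this user expects
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo"}       # assumption, same
WATCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage",
               "browser.search.selectedEngine", "browser.search.defaultenginename"}


def parse_report(text):
    """Split a report into plain findings (paths/keys) and Firefox user_pref pairs."""
    findings, prefs = [], {}
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        p = PREF_RE.search(m.group(1))
        if p:
            prefs[p.group(1)] = p.group(2)
        else:
            findings.append(m.group(1))
    return findings, prefs


def classify(item):
    for pattern, label in PERSISTENCE:
        if re.search(pattern, item, re.I):
            return label
    return "residue (no autostart role)"


def hijacked_search_prefs(prefs):
    """Search/homepage prefs whose URL host, or engine name, is not on the trusted list."""
    flagged = {}
    for name in WATCH_PREFS & prefs.keys():
        hosts = {h.lower() for h in HOST_RE.findall(prefs[name])}
        if hosts and hosts - TRUSTED_HOSTS:
            flagged[name] = sorted(hosts - TRUSTED_HOSTS)
        elif not hosts and prefs[name] not in TRUSTED_ENGINES:
            flagged[name] = [prefs[name]]
    return flagged


def toolbar_timeline(prefs):
    """Each Conduit toolbar (CT<id>.*) records when it installed and what it replaced."""
    by_id = defaultdict(dict)
    for name, value in prefs.items():
        m = re.match(r"(CT\d+)\.(installDate|originalHomepage|originalSearchEngine)$", name)
        if m:
            by_id[m.group(1)][m.group(2)] = value
    return dict(by_id)


def triage(report_text):
    findings, prefs = parse_report(report_text)
    grouped = defaultdict(list)
    for item in findings:
        grouped[classify(item)].append(item)
    return {"persistence": dict(grouped), "hijacked_prefs": hijacked_search_prefs(prefs),
            "toolbar_timeline": toolbar_timeline(prefs)}


# Constructed excerpt of the report above (not the full file).
SAMPLE_REPORT = r"""
***** [ Fichiers / Dossiers ] *****
Dossier Présent : C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Dossier Présent C:\Program Files (x86)\Conduit
Fichier Présent : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\user.js
Fichier Présent : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
***** [ Registre ] *****
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E2479DE-6096-41F3-90AB-83BE9946AA2D}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72627B5C-D018-450D-B8D8-EA14EA31CD90}
Clé Présente : [x64] HKCU\Software\Conduit
Valeur Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8E2479DE-6096-41F3-90AB-83BE9946AA2D}]
***** [ Navigateurs ] *****
Ligne Trouvée : user_pref("CT3315828.installDate", "15/11/2013 18:56:21");
Ligne Trouvée : user_pref("CT3315828.originalHomepage", "hxxp://do-search.com/?type=hpts=1384553232from=airuid=TOSHIBAXMQ01ABD075_13TCFCXASXX13TCFCXAS");
Ligne Trouvée : user_pref("CT3315828.originalSearchEngine", "do-search");
Ligne Trouvée : user_pref("CT3316660.originalSearchEngine", "Bing");
Ligne Trouvée : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828CUI=UN26142758201061474UM=2SearchSource=3q={searchTerms}");
Ligne Trouvée : user_pref("browser.search.selectedEngine", "InternetHelper3.7 Customized Web Search");
Ligne Trouvée : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828SearchSource=2CUI=UN26142758201061474UM=2q=");
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for label, items in result["persistence"].items():
        print(f"{label}: {len(items)}")
    print("hijacked prefs:", result["hijacked_prefs"])
    print("toolbar timeline:", result["toolbar_timeline"])
```

Run it against the full report by pasting the file contents into triage(); anything under "autostart" or "IE:" is what brings the hijacker back after a reboot, and an entry under "Firefox: user.js" means prefs.js will be overwritten again at the next start even if the search prefs are fixed by hand.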
by jcdesrochers
#78270
MBAM report
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16438

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.697000 GHz
Memory total: 7720931328, free: 5587693568

Downloaded database version: v2013.11.21.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/21/2013 06:25:51
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\TVALZ_O.SYS
\SystemRoot\System32\drivers\tos_sps64.sys
\SystemRoot\system32\DRIVERS\THAccel.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\FwLnk.sys
\SystemRoot\System32\drivers\Thotkey.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\point64.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\RtsUVStor.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe00001ea7060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002c\
Lower Device Object: 0xffffe000018d4060
Lower Device Driver Name: \Driver\storahci\

Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00001ea7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00001ea7b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00001ea7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00001ecb4f0, DeviceName: Unknown, DriverName: \Driver\THAccel\
DevicePointer: 0xffffe000018d4060, DeviceName: \Device\0000002c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0

Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes


Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...


Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2279819310
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid 20740c60-9d3b-45be-8a75-d5e58be5c0f1
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2279819310
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid 20740c60-9d3b-45be-8a75-d5e58be5c0f1
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID f0555558-adfb-11e2-a741-c466777ba6e8
FirstLBA 2048 Last LBA 2099199
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID f0555560-adfb-11e2-a741-c466777ba6e8
FirstLBA 2099200 Last LBA 2631679
Attributes 0
Partition Name Basic data partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID f0555562-adfb-11e2-a741-c466777ba6e8
FirstLBA 2631680 Last LBA 2893823
Attributes 0
Partition Name Basic data partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f055556a-adfb-11e2-a741-c466777ba6e8
FirstLBA 2893824 Last LBA 1439250431
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 387fe0e2-1289-4760-9d4f-e82a8c42cada
FirstLBA 1439250432 Last LBA 1439967231
Attributes 1
Partition Name

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID b3d5b5f7-78e4-4179-8c7a-79d15f19e936
FirstLBA 1439967232 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16438

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.697000 GHz
Memory total: 7720931328, free: 5689442304

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16438

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.697000 GHz
Memory total: 7720931328, free: 5704626176

=======================================
by 2011N2
#78284
Hi,

Run AdwCleaner in Clean mode and post the report.

Also, you ran MBAR, not MBAM, but never mind, we'll look at that a bit later.

Gabriel.
by jcdesrochers
#78298
# AdwCleaner v3.012 - Report created on 22/11/2013 at 15:50:24
# Updated on 11/11/2013 by Xplode
# Operating system : Windows 8.1 (64 bits)
# Username : jean-claude - JC
# Run from : C:\Users\jean-claude\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (fr)

[ File : C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************
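The Clean pass above reports an empty [ Shortcuts ] section even though do-search was still coming back. Hijackers of this family commonly persist by appending their URL to the arguments field of every browser shortcut (.lnk), so the browser opens the page no matter what the home-page registry values say; a helper therefore wants an independent look at the shortcuts themselves. What follows is an added example, not part of the original thread and not code from AdwCleaner, MBAR or ZHPDiag: a minimal parser for the Windows Shell Link format (MS-SHLLINK) that walks the header, skips the optional IDList and LinkInfo structures, extracts the StringData fields and flags any http(s) URL found in the arguments. The sample shortcuts are constructed inside the code; `build_lnk`, `scan_shortcuts` and the do-search.com argument are illustration only, and no file is read unless you call `scan_shortcuts` on a folder yourself.

```python
"""Added example: extract the StringData fields of a Windows Shell Link
(.lnk) file and flag URLs injected into the arguments field, the
persistence trick used by do-search-style browser hijackers.
Layout follows MS-SHLLINK; ExtraData blocks after StringData are ignored."""
import struct
from dataclasses import dataclass
from pathlib import Path
from typing import Iterator, List, Optional, Tuple
from urllib.parse import urlparse

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields appear in this fixed order, each only if its flag is set
STRING_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION)


@dataclass
class ShortcutStrings:
    name: Optional[str]
    relative_path: Optional[str]
    working_dir: Optional[str]
    arguments: Optional[str]
    icon_location: Optional[str]


def parse_lnk_strings(data: bytes) -> ShortcutStrings:
    """Walk header -> optional IDList -> optional LinkInfo -> StringData."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                      # fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:           # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields: List[Optional[str]] = []
    for bit in STRING_ORDER:
        if not flags & bit:
            fields.append(None)
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields.append(raw.decode("utf-16-le" if width == 2 else "cp1252"))
    return ShortcutStrings(*fields)


def injected_urls(s: ShortcutStrings) -> List[str]:
    """Hosts of any http(s) URL in the arguments field. A browser shortcut
    written by the browser's installer carries no arguments at all, so any
    URL here is a hijack indicator independent of the home-page settings."""
    hosts = []
    for token in (s.arguments or "").split():
        url = urlparse(token.strip('"'))
        if url.scheme in ("http", "https") and url.netloc:
            hosts.append(url.netloc.lower())
    return hosts


def scan_shortcuts(root: Path) -> Iterator[Tuple[Path, List[str]]]:
    """Yield (path, hosts) for every .lnk under root whose arguments hold a URL."""
    for lnk in root.rglob("*.lnk"):
        try:
            hosts = injected_urls(parse_lnk_strings(lnk.read_bytes()))
        except (ValueError, struct.error, UnicodeDecodeError):
            continue                              # not a parseable shortcut; skip
        if hosts:
            yield lnk, hosts


def build_lnk(arguments: Optional[str] = None, unicode: bool = True) -> bytes:
    """Constructed sample shortcut (test data, not a real file): header, an
    IDList holding only the TerminalID, a relative path, a working dir and
    optional arguments, so the parser's skipping logic is exercised."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_WORKING_DIR
    flags |= (HAS_ARGUMENTS if arguments is not None else 0) | (IS_UNICODE if unicode else 0)
    header = (struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags)
              + b"\x00" * 4            # FileAttributes
              + b"\x00" * 24           # CreationTime, AccessTime, WriteTime
              + b"\x00" * 8            # FileSize, IconIndex
              + struct.pack("<I", 1)   # ShowCommand = SW_SHOWNORMAL
              + b"\x00" * 12)          # HotKey + Reserved1..3
    assert len(header) == 76
    id_list = struct.pack("<H", 2) + b"\x00\x00"   # IDListSize=2, then TerminalID

    def field(text: str) -> bytes:
        raw = text.encode("utf-16-le" if unicode else "cp1252")
        return struct.pack("<H", len(text)) + raw

    body = field(r"..\..\Mozilla Firefox\firefox.exe") + field(r"C:\Program Files (x86)\Mozilla Firefox")
    if arguments is not None:
        body += field(arguments)
    return header + id_list + body
```

Point `scan_shortcuts` at the user's Desktop, the public Desktop, the Start Menu Programs folder, the taskbar pin folder and Quick Launch; a legitimate Firefox or Internet Explorer shortcut has an empty arguments field, so every hit is a shortcut to recreate (or to clean by clearing the Target arguments in its Properties dialog). Cleaning the registry home-page keys without fixing these shortcuts leaves the hijack working, which is why the page keeps coming back after a scanner reports nothing.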
by jcdesrochers
#78316
~ Report of ZHPDiag v2013.11.22.46 - Nicolas Coolman (2013-11-22)
~ Launched by jean-claude (2013-11-22 20:05:18)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16438
MFIE: Mozilla Firefox 25.0.1 (Default)

---\\ Windows product information
~ Language: English
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 6JCMG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7363 MB (73% free)
System Restore: Enabled
System drive C: has 629 GB (91%) free of 685 GB

---\\ Connection to the system mode
~ Computer Name: JC
~ User Name: jean-claude
~ All Users Names: jean-claude, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-claude\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-claude\AppData\Roaming\
~ %Desktop% : C:\Users\jean-claude\Desktop\
~ %Favorites% : C:\Users\jean-claude\Favorites\
~ %LocalAppData% : C:\Users\jean-claude\AppData\Local\
~ %StartMenu% : C:\Users\jean-claude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 629 GB of 685 GB)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.2013-10-22 - 02:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2013-08-22 - 04:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-10-18 - 22:53:26.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2013-08-22 - 04:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.2013-08-22 - 05:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2013-08-22 - 06:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2013-08-22 - 06:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.2013-08-22 - 06:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-09-29 - 23:14:00.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-09-29 - 23:13:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-08-22 - 08:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 06:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2013-09-29 - 22:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2013-08-22 - 07:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ My Pictures : 2/112
~ My Music : 1/1101
~ My Favorites : 1/30
~ My Documents : 1/13
~ My Desktop : 1/30
~ Start Menu (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3008]
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.4692]
[MD5.ACA0A7CF75AAD65FBF2EB88C47012D7E] - (.TOSHIBA Corporation - Sleep and Charge Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392] [PID.1096]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.5352]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.5852]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.9, (Disabled) =PUP.Elex
~ Google Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\prefs.js
M0 - MFSP: prefs.js [jean-claude - u52m4roy.default] http://support.me
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =PUP.DoSearches
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =PUP.DoSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =PUP.DoSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Bing Bar [64Bits] - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll =Toolbar.Bing
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com =PUP.DoSearches
O4 - GS\Desktop [Public]: Nouvelles Canadienne.lnk - Orphan key
O4 - GS\Desktop [Public]: PagesJaunes.ca.lnk - Orphan key
O4 - GS\Desktop [Public]: Quicken 2012.lnk . (.Intuit Inc. - Quicken Launcher.) -- C:\Program Files (x86)\Quicken\qw.exe
O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe
O4 - GS\Desktop [Public]: Reader Library.lnk . (.Sony Corporation - Reader Library.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com =PUP.DoSearches
O4 - GS\QuickLaunch [jean-claude]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =PUP.DoSearches
O4 - GS\TaskBar [jean-claude]: Evernote.lnk . (...) -- C:\windows\Installer\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}\Evernote.ico
O4 - GS\TaskBar [jean-claude]: FRST64.lnk . (.Farbar - No Comment.) -- C:\Users\jean-claude\AppData\Local\Microsoft\Windows\INetCache\IE\SAVVVM77\FRST64.exe
O4 - GS\TaskBar [jean-claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =PUP.DoSearches
O4 - GS\TaskBar [jean-claude]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com =PUP.DoSearches
O4 - GS\Program [jean-claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =PUP.DoSearches
O4 - GS\SendTo [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
O4 - GS\Desktop [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
~ Global Startup: 60 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [jean-claude]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Reader Library Launcher] . (.Sony Corporation - Reader Library Launcher.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =.Microsoft Corporation
O9 - Extra button: Notes liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CS1\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
[MD5.6EF487A46FB615DF717F85D7458BD2CD] [APT] [TODDMain] (...) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Mixi.DJ]
[HKLM\Software\Wow6432Node\epubforwindows]
~ Key Software: 161 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
~ 62 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 208 Legitimates Filtered in 00mn 23s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-11-20 - 19:38:00 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 219 Legitimates Filtered in 00mn 40s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013-11-09 - 18:00:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E6B7A242-3416-4F1C-8F52-FAAFE2410C55} [DefaultScope] - (InternetHelper3.7 Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.ED2CEB84E22F95C82AF4BAFABDE9ED51] [SPRF][2013-11-15] (...) -- C:\Users\jean-claude\AppData\Local\Temp\air201D.exe [73824]
[MD5.5B773C76A0F9D0A8E7D16C8E052DF707] [SPRF][2013-11-15] (.Search Results - Setup.exe.) -- C:\Users\jean-claude\AppData\Local\Temp\air6248.exe [3143792]
[MD5.67E143A00B5D934DF632C01B64E460B8] [SPRF][2013-11-15] (.No owner - conduitinstaller.) -- C:\Users\jean-claude\AppData\Local\Temp\airE18F.exe [117760] =Adware.Bloson
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][2013-11-21] (...) -- C:\Users\jean-claude\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][2013-11-10] (...) -- C:\Users\jean-claude\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.8C24311EC0A970BE2F451A66A8DD7FE3] [SPRF][2013-11-20] (...) -- C:\Users\jean-claude\AppData\Local\Temp\SHSetup.exe [46777424] =Crapware.SpyHunter
[MD5.7CA420A4688109E2AB5844A2C753C905] [SPRF][2013-10-14] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\jean-claude\AppData\Local\Temp\tbInt0.dll [5176096] =Toolbar.Conduit
~ Files: 13 Legitimates Filtered in 00mn 04s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "28D186A376158144EBAB8E99416866B5" . (.Bing Bar.) -- C:\WINDOWS\Installer\{3A681D82-5167-4418-BEBA-E8991486665B}\icon_installer_ico =Toolbar.Bing
~ Update Products: 123 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.0A5E9225002C08C5A5869E9CC3C2D209] [WIS][2011-11-10] (.Intuit - Quicken.) -- C:\Windows\Installer\302f5d.msi [4743680]
~ WIS: 123 Legitimates Filtered in 00mn 26s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 2013-09-03 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 2013-10-13 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2013-09-26 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 2013-09-07 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2013-11-09 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 2013-10-10 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BBSvc.exe
SR - | Demand 2013-10-10 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.exe
SS - | Disabled 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 2013-04-10 16720 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SS - | Auto 2013-11-09 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-11-09 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-10-23 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 2013-11-16 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 2010-04-02 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SS - | Disabled 2013-03-26 216976 | (THAccelSvc) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
SS - | Disabled 2013-03-19 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =.Toshiba Corporation
SS - | Disabled 2009-07-28 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SS - | Disabled 2013-01-28 322400 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =.Toshiba Corporation
SS - | Disabled 2013-03-11 462688 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 1658-07-10 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 1658-07-10 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SS - | Demand 2013-08-22 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 28s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (2013-11-22)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 6

[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =PUP.Elex^
[HKCU\Software\Mixi.DJ] =Toolbar.MixiDJ
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\TBSBrowser.exe] =Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =Toolbar.Bing^
C:\Users\jean-claude\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =PUP.Elex^
C:\Users\jean-claude\AppData\Local\Temp\airE18F.exe =Adware.Bloson^
C:\Users\jean-claude\AppData\Local\Temp\SHSetup.exe =Crapware.SpyHunter^
C:\Users\jean-claude\AppData\Local\Temp\tbInt0.dll =Toolbar.Conduit^
C:\Users\jean-claude\AppData\Local\Temp\GoogleToolbarInstaller1.log =PUP.Babylon
C:\Users\jean-claude\AppData\Local\Temp\GoogleToolbarInstaller2.log =PUP.Babylon
~ Additionnel Scan: 276493 Items scanned in 01mn 19s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blo ... 6-pup-elex =PUP.Elex
~ http://nicolascoolman.webs.com/apps/blo ... dosearches =PUP.DoSearches
~ http://nicolascoolman.webs.com/apps/blo ... are-bloson =Adware.Bloson
~ http://nicolascoolman.webs.com/apps/blo ... -spyhunter =Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =PUP.Babylon
~ MSI: 6 link(s) detected in 01mn 19s



~ 1221 Legitimates filtered by white list
End of the scan (410 lines in 03mn 53s)(0)
by jcdesrochers
#78383
Hello
Report of ZHPFix 2013.11.19.7 by Nicolas Coolman, updated 19/11/2013
Registry export file :
Run by jean-claude at 2013-11-23 08:17:02
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (00mn 09s)

========== Process memory ==========
REMOVES: Memory Process: C:\Users\jean-claude\AppData\Local\Temp\air6248.exe
REMOVES: Memory Process: C:\Users\jean-claude\AppData\Local\Temp\airE18F.exe
REMOVES: Memory Process: C:\Users\jean-claude\AppData\Local\Temp\SHSetup.exe

========== Memory modules ==========
REMOVES: Memory Module: C:\Users\jean-claude\AppData\Local\Temp\tbInt0.dll

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}]
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
REMOVES: HKCU\Software\Mixi.DJ
REMOVES: [HKLM\Software\Classes\Installer\Products\\28D186A376158144EBAB8E99416866B5]
REMOVES: [HKLM\Software\Classes\Installer\Features\28D186A376158144EBAB8E99416866B5]
REMOVES: Service: BBSvc
REMOVES: Service: BBUpdate
REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\TBSBrowser.exe

========== Registry values ==========
REMOVES: Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f}
REMOVES: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page =

========== Folders ==========
REMOVES: C:\Users\jean-claude\AppData\Local\{2206DF12-0370-4024-99DB-C08D27DDEC84}

========== Files ==========
REMOVES: c:\users\jean-claude\appdata\local\google\chrome\user data\default\preferences
REMOVES: c:\users\public\desktop\mozilla firefox.lnk
REMOVES: c:\programdata\microsoft\windows\start menu\programs\mozilla firefox.lnk
REMOVES: c:\users\jean-claude\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk
REMOVES: c:\users\jean-claude\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk
REMOVES: c:\users\jean-claude\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk
REMOVES: c:\users\jean-claude\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk
REMOVES: C:\Users\jean-claude\AppData\Local\Temp\GoogleToolbarInstaller1.log
REMOVES: C:\Users\jean-claude\AppData\Local\Temp\GoogleToolbarInstaller2.log
REMOVES: c:\program files (x86)\microsoft\bingbar\7.3.114.0\bbsvc.exe
REMOVES Reboot: c:\program files (x86)\microsoft\bingbar\7.3.114.0\seaport.exe
Deletes temporary Windows (1547) (344 934 662 bytes)
REMOVES Flash Cookies (0) (0 bytes)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
3 : Process memory
1 : Memory modules
8 : Registry keys
2 : Registry values
3 : Elements of the registry data
1 : Folders
13 : Files
1 : System restore


End of clean in 01mn 03s

========== Path to file report ==========
C:\Users\jean-claude\AppData\Roaming\ZHP\ZHPFix[R1].txt - 2013-11-23 08:17:12 [3254]
Here is the report.
by jcdesrochers
#78458
MBAM report
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.11.23.05

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
jean-claude :: JC [administrator]

Protection: Enabled

2013-11-23 09:23:26
MBAM-log-2013-11-23 (10-31-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362346
Time elapsed: 1 hour(s), 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/web/?type=dsts=138 ... earchTerms}) Good: (http://www.google.com) - No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/?type=hpts=1384553 ... X13TCFCXAS) Good: (http://www.google.com) - No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/?type=hpts=1384553 ... X13TCFCXAS) Good: (http://www.google.com) - No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\jean-claude\AppData\Roaming\ZHP\Quarantine\air6248.exe.VIR (PUP.Optional.DefaultTab.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(1).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(2).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(3).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff.exe (PUP.Optional.Conduit.A) - No action taken.

(end)
by jcdesrochers
#78515
Hello Gabriel
Do-search seems at least to have been eliminated from my PC. Here is the MBAM report, and I deleted them.
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.11.23.05

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
jean-claude :: JC [administrator]

Protection: Enabled

2013-11-23 10:40:30
mbam-log-2013-11-23 (10-40-30).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362337
Time elapsed: 1 hour(s), 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/web/?type=dsts=138 ... earchTerms}) Good: (http://www.google.com) - No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/?type=hpts=1384553 ... X13TCFCXAS) Good: (http://www.google.com) - No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) - Bad: (http://do-search.com/?type=hpts=1384553 ... X13TCFCXAS) Good: (http://www.google.com) - No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\jean-claude\AppData\Roaming\ZHP\Quarantine\air6248.exe.VIR (PUP.Optional.DefaultTab.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(1).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(2).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff(3).exe (PUP.Optional.Conduit.A) - No action taken.
C:\Users\jean-claude\Downloads\AdwCleaner_brff.exe (PUP.Optional.Conduit.A) - No action taken.

(end)
by 2011N2
#78520
Re,

It still says that no action was taken, but I'll trust you.

Run a new ZHPDiag report for me so we can see whether it's clean.

Gabriel.
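The reports in this thread show the three places where a search hijacker like do-search keeps coming back even after a scan: the O4 GS lines in the ZHPDiag report (browser shortcuts with http://do-search.com appended to firefox.exe / iexplore.exe), the IE Start Page / Default_Search_URL values that the MBAM log lists with "No action taken" (a scan-only result, not a removal), and the SearchScopes DefaultScope pointing at search.conduit.com. The PowerShell audit below is an added example, not part of this thread and not code from ZHPDiag, ZHPFix or Malwarebytes; it assumes Windows 8.x or later with PowerShell 3+, an elevated prompt (so HKLM and the Public desktop are readable), and a host list ($SuspectHosts) and shortcut folder list that are illustrative and taken from the reports above rather than a complete PUP signature set.

```powershell
# Added example (not from the original thread or the tools it mentions):
# audit browser shortcuts, IE start/search registry values and Firefox prefs
# for the hosts the reports above flag. Assumptions: Windows 8.x+, PS 3+,
# elevated prompt; $SuspectHosts and the folder list are illustrative.

$SuspectHosts = @('do-search.com', 'search.conduit.com')

function Test-SuspectUrl {
    param([string]$Url)
    if (-not $Url) { return $false }
    foreach ($h in $SuspectHosts) { if ($Url -like "*$h*") { return $true } }
    return $false
}

function Get-ShortcutHijack {
    # Browser shortcuts whose Arguments field carries a URL: the ZHPDiag lines
    # "firefox.exe http://do-search.com" are exactly this pattern.
    param([string[]]$Folders)
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $wsh.CreateShortcut($_.FullName)
                if ($lnk.TargetPath -match '(firefox|iexplore|chrome|opera)\.exe$' -and
                    $lnk.Arguments -match 'https?://') {
                    [pscustomobject]@{ Item = $_.FullName; Target = $lnk.TargetPath; Value = $lnk.Arguments }
                }
            }
    }
}

function Get-IEHijack {
    # Check the native 64-bit view, the Wow6432Node view and the user hive:
    # the second ZHPDiag run still flags the Wow6432Node Start Page after cleanup.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
            'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
    $names = 'Start Page', 'Default_Page_URL', 'Default_Search_URL', 'Search Page'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($n in $names) {
            if (Test-SuspectUrl $props.$n) {
                [pscustomobject]@{ Item = $k; Target = $n; Value = $props.$n }
            }
        }
    }
    # SearchScopes (ZHPDiag's O69): DefaultScope holds the GUID of the scope
    # whose URL value is the search engine actually used by the address bar.
    foreach ($hive in 'HKCU', 'HKLM') {
        $scopes = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $scopes)) { continue }
        $default = (Get-ItemProperty -Path $scopes).DefaultScope
        Get-ChildItem -Path $scopes | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath).URL
            if (Test-SuspectUrl $url) {
                $tag = if ($_.PSChildName -eq $default) { 'URL [DefaultScope]' } else { 'URL' }
                [pscustomobject]@{ Item = $_.PSPath; Target = $tag; Value = $url }
            }
        }
    }
}

function Get-FirefoxHijack {
    # prefs.js lines look like user_pref("name", "value"); only the prefs that
    # set the start page or the URL-bar search engine are checked here.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_.FullName
        Select-String -Path $file -Pattern 'user_pref\("(browser\.startup\.homepage|keyword\.URL|browser\.search\.defaulturl)",\s*"([^"]*)"\)' |
            ForEach-Object {
                $name = $_.Matches[0].Groups[1].Value
                $val  = $_.Matches[0].Groups[2].Value
                if (Test-SuspectUrl $val) {
                    [pscustomobject]@{ Item = $file; Target = $name; Value = $val }
                }
            }
    }
}

# Folders where the reports above found hijacked .lnk files (illustrative list).
$shortcutFolders = "$env:PUBLIC\Desktop",
                   "$env:USERPROFILE\Desktop",
                   "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
                   "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
                   "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"

$findings = @(Get-ShortcutHijack -Folders $shortcutFolders) + @(Get-IEHijack) + @(Get-FirefoxHijack)
if ($findings.Count -eq 0) { 'No hijacked shortcut, IE start/search value or Firefox pref found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The script only reports. To fix a shortcut it lists, clear the field and save (`$lnk.Arguments = ''; $lnk.Save()`); for a registry value, set it to a start page of your own choosing with `Set-ItemProperty`, remembering to do it in both the native and the Wow6432Node view. A Malwarebytes log that still reads "No action taken" on these values is the result of a scan, not of a removal; a clean run of this audit, or a log that reads "Quarantined and deleted successfully", is what confirms the cleanup.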
by jcdesrochers
#78543
Here is the ZHPDiag
~ Report of ZHPDiag v2013.11.22.46 - Nicolas Coolman (2013-11-22)
~ Launched by jean-claude (2013-11-23 13:23:37)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16438
MFIE: Mozilla Firefox 25.0.1 (Defaut)

---\\ Windows product information
~ Language: English
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 6JCMG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7363 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 631 GB (92%) free of 685 GB

---\\ Connection to the system mode
~ Computer Name: JC
~ User Name: jean-claude
~ All Users Names: jean-claude, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-claude\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-claude\AppData\Roaming\
~ %Desktop% : C:\Users\jean-claude\Desktop\
~ %Favorites% : C:\Users\jean-claude\Favorites\
~ %LocalAppData% : C:\Users\jean-claude\AppData\Local\
~ %StartMenu% : C:\Users\jean-claude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 631 Go of 685 Go)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.2013-10-22 - 02:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2013-08-22 - 04:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-10-18 - 22:53:26.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2013-08-22 - 04:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.2013-08-22 - 05:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2013-08-22 - 06:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2013-08-22 - 06:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.2013-08-22 - 06:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-09-29 - 23:14:00.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-09-29 - 23:13:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-08-22 - 08:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 06:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2013-09-29 - 22:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2013-08-22 - 07:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/113
~ Mes musiques (My Musics) : 1/1101
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 1/33
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2404]
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3896]
[MD5.ACA0A7CF75AAD65FBF2EB88C47012D7E] - (.TOSHIBA Corporation - Sleep and Charge Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392] [PID.3004]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.6532]
[MD5.D4B602FF4916CBF70ED21A2ECF8E576D] - (.Microsoft - Microsoft Solitaire Collection.) -- C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.0.1.31107_x86__8wekyb3d8bbwe\Solitaire.exe [1043968] [PID.6052]
[MD5.B9562F200149C64CC53D47F969CEA6C3] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\WINDOWS\syswow64\wwahost.exe [518656] [PID.4832]
[MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [92024] [PID.6640]
[MD5.EE889775E0F9755C90FAEBFB93FBD781] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [805992] [PID.1644]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.3048]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\prefs.js
M0 - MFSP: prefs.js [jean-claude - u52m4roy.default] http://support.me
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =PUP.DoSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\Desktop [Public]: Nouvelles Canadienne.lnk - Orphan key
O4 - GS\Desktop [Public]: PagesJaunes.ca.lnk - Orphan key
O4 - GS\Desktop [Public]: Quicken 2012.lnk . (.Intuit Inc. - Quicken Launcher.) -- C:\Program Files (x86)\Quicken\qw.exe
O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe
O4 - GS\Desktop [Public]: Reader Library.lnk . (.Sony Corporation - Reader Library.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\TaskBar [jean-claude]: Evernote.lnk . (...) -- C:\windows\Installer\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}\Evernote.ico
O4 - GS\TaskBar [jean-claude]: FRST64.lnk . (...) -- C:\Users\jean-claude\AppData\Local\Microsoft\Windows\INetCache\IE\SAVVVM77\FRST64.exe (.not file.)
O4 - GS\TaskBar [jean-claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
O4 - GS\Desktop [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
~ Global Startup: 56 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [jean-claude]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Reader Library Launcher] . (.Sony Corporation - Reader Library Launcher.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =.Microsoft Corporation
O9 - Extra button: Notes liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CS1\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
[MD5.6EF487A46FB615DF717F85D7458BD2CD] [APT] [TODDMain] (...) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 09s



---\\ HKCU HKLM Software Keys
[HKLM\Software\Wow6432Node\epubforwindows]
~ Key Software: 160 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-11-20 - 19:38:00 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 219 Legitimates Filtered in 00mn 36s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013-11-09 - 18:00:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.0A5E9225002C08C5A5869E9CC3C2D209] [WIS][2011-11-10] (.Intuit - Quicken.) -- C:\Windows\Installer\302f5d.msi [4743680]
~ WIS: 123 Legitimates Filtered in 00mn 28s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 2013-09-03 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 2013-10-13 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2013-09-26 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 2013-09-07 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2013-11-09 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Disabled 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 2013-04-10 16720 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SS - | Auto 2013-11-09 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-11-09 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-10-23 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 2013-11-16 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 2010-04-02 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SS - | Disabled 2013-03-26 216976 | (THAccelSvc) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
SS - | Disabled 2013-03-19 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =.Toshiba Corporation
SS - | Disabled 2009-07-28 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SS - | Disabled 2013-01-28 322400 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =.Toshiba Corporation
SS - | Disabled 2013-03-11 462688 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 1658-07-10 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 1658-07-10 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SS - | Demand 2013-08-22 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 30s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (2013-11-22)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 271771 Items scanned in 01mn 17s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blo ... dosearches =PUP.DoSearches
~ MSI: 1 link(s) detected in 01mn 17s



~ 1155 Legitimates filtered by white list
End of the scan (349 lines in 03mn 43s)(0)
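A note on reading the report above: ZHPDiag only attaches a signature tag to one line, the R0 entry for HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com (=PUP.DoSearches). That value lives under HKLM, which needs administrator rights to write, so whatever installed it ran elevated; the per-user HKCU start page is still msn.ca. Everything else in the log (the O4 entries pointing at files that no longer exist, the Firefox M0 page, the DHCP resolvers under O17) is unflagged and has to be judged by the helper. The script below is an added example, not something ZHPDiag or the forum ships: it runs that triage over ZHPDiag-style lines and separates the tool's own verdicts from heuristics that merely deserve a look. The sample lines are copied from the report above; the KNOWN_GOOD_HOSTS allowlist is an assumption for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the ZHPDiag report posted above so the triage runs offline.
# Real use: triage(open("ZHPDiag.txt", encoding="latin-1").read())
SAMPLE_REPORT = r"""
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =PUP.DoSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
M0 - MFSP: prefs.js [jean-claude - u52m4roy.default] http://support.me
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - GS\TaskBar [jean-claude]: FRST64.lnk . (...) -- C:\Users\jean-claude\AppData\Local\Microsoft\Windows\INetCache\IE\SAVVVM77\FRST64.exe (.not file.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Le fichier hosts est sain (The hosts file is clean).
"""

# Home/search pages a helper would accept without a second look.
# Assumption for this example; ZHPDiag keeps its own (much larger) white list.
KNOWN_GOOD_HOSTS = {"www.msn.ca", "www.msn.com", "www.bing.com",
                    "www.google.com", "www.google.ca"}

# ZHPDiag appends "=Family.Name" when a line matches its signature database;
# a signer name looks like "=.Vendor" (dot first) and must not match here.
SIGNATURE_RE = re.compile(r"\s=(?P<family>[A-Za-z]+)\.(?P<name>\S+)\s*$")
BROWSER_PREFIX_RE = re.compile(r"^(R0|R1|R3|M0|M1|M2|O69)\b")   # start/search page lines
URL_RE = re.compile(r"(https?://[^\s\"'<>]+)")
# Autorun pointing at a binary that is gone: drive path up to "(.not file.)"
MISSING_FILE_RE = re.compile(r"^O4\b.*?(?P<path>[A-Za-z]:\\.*?)\s+\(\.not file\.\)")
DNS_RE = re.compile(r"^O17\b.*DhcpNameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": tool signature hit; "review": heuristic; "info": cleanup noise
    kind: str
    detail: str
    line: str


def triage(report: str) -> list[Finding]:
    """Walk a ZHPDiag report and return the lines a helper should act on."""
    findings: list[Finding] = []
    seen_dns: set[str] = set()
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        sig = SIGNATURE_RE.search(line)
        if sig:   # the tool's own verdict outranks every heuristic below
            findings.append(Finding("high", "signature", f"{sig['family']}.{sig['name']}", line))
            continue
        if BROWSER_PREFIX_RE.match(line):
            for url in URL_RE.findall(line):
                host = urlparse(url).hostname or ""
                if host not in KNOWN_GOOD_HOSTS:
                    findings.append(Finding("review", "unknown-url", host, line))
            continue
        missing = MISSING_FILE_RE.match(line)
        if missing:
            findings.append(Finding("info", "missing-file", missing["path"], line))
            continue
        dns = DNS_RE.match(line)
        if dns:   # O17 repeats per adapter and per control set; report each resolver set once
            servers = " ".join(sorted(set(dns["servers"].split())))
            if servers not in seen_dns:
                seen_dns.add(servers)
                findings.append(Finding("review", "dns-resolvers", servers, line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "info": 2}
    for f in sorted(triage(SAMPLE_REPORT), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.kind:14} {f.detail}")
    print(summary(triage(SAMPLE_REPORT)))
```

The "review" items are deliberately not called malicious: an unknown home page or a pair of DHCP resolvers is only worth checking against what the user and the ISP actually configured, whereas the =PUP.DoSearches tag is the detection the helper builds the cleanup script around.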
by jcdesrochers
#79239
Here is the ZHPDiag report
~ Report of ZHPDiag v2013.11.22.46 - Nicolas Coolman (2013-11-22)
~ Launched by jean-claude (2013-11-23 13:23:37)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16438
MFIE: Mozilla Firefox 25.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 6JCMG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7363 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 631 GB (92%) free of 685 GB

---\\ Connection to the system mode
~ Computer Name: JC
~ User Name: jean-claude
~ All Users Names: jean-claude, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\jean-claude\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jean-claude\AppData\Roaming\
~ %Desktop% : C:\Users\jean-claude\Desktop\
~ %Favorites% : C:\Users\jean-claude\Favorites\
~ %LocalAppData% : C:\Users\jean-claude\AppData\Local\
~ %StartMenu% : C:\Users\jean-claude\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 631 Go of 685 Go)
D: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.2013-10-22 - 02:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2013-08-22 - 04:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-10-18 - 22:53:26.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2013-08-22 - 04:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.2013-08-22 - 05:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2013-08-22 - 06:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2013-08-22 - 06:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.2013-08-22 - 06:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-09-29 - 23:14:00.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-09-29 - 23:13:57.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-08-22 - 08:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 06:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2013-09-29 - 22:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2013-08-22 - 07:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/113
~ Mes musiques (My Musics) : 1/1101
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 1/33
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2404]
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3896]
[MD5.ACA0A7CF75AAD65FBF2EB88C47012D7E] - (.TOSHIBA Corporation - Sleep and Charge Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392] [PID.3004]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.6532]
[MD5.D4B602FF4916CBF70ED21A2ECF8E576D] - (.Microsoft - Microsoft Solitaire Collection.) -- C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.0.1.31107_x86__8wekyb3d8bbwe\Solitaire.exe [1043968] [PID.6052]
[MD5.B9562F200149C64CC53D47F969CEA6C3] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\WINDOWS\syswow64\wwahost.exe [518656] [PID.4832]
[MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [92024] [PID.6640]
[MD5.EE889775E0F9755C90FAEBFB93FBD781] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [805992] [PID.1644]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.3048]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\jean-claude\AppData\Roaming\Mozilla\Firefox\Profiles\u52m4roy.default\prefs.js
M0 - MFSP: prefs.js [jean-claude - u52m4roy.default] http://support.me
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =PUP.DoSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\Desktop [Public]: Nouvelles Canadienne.lnk - Orphan key
O4 - GS\Desktop [Public]: PagesJaunes.ca.lnk - Orphan key
O4 - GS\Desktop [Public]: Quicken 2012.lnk . (.Intuit Inc. - Quicken Launcher.) -- C:\Program Files (x86)\Quicken\qw.exe
O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe
O4 - GS\Desktop [Public]: Reader Library.lnk . (.Sony Corporation - Reader Library.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
O4 - GS\Program [Public]: Desktop.lnk - Orphan key
O4 - GS\TaskBar [jean-claude]: Evernote.lnk . (...) -- C:\windows\Installer\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}\Evernote.ico
O4 - GS\TaskBar [jean-claude]: FRST64.lnk . (...) -- C:\Users\jean-claude\AppData\Local\Microsoft\Windows\INetCache\IE\SAVVVM77\FRST64.exe (.not file.)
O4 - GS\TaskBar [jean-claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
O4 - GS\Desktop [jean-claude]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
~ Global Startup: 56 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [jean-claude]: EvernoteClipper.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote Clipper.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe (.not file.)
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Reader Library Launcher] . (.Sony Corporation - Reader Library Launcher.) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1487622431-3749382543-737347118-1001\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =.Microsoft Corporation
O9 - Extra button: Notes liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CS1\Services\Tcpip\..\{E502E682-AEEF-40A9-B168-3DBC1EB1578D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{F29B38AA-9493-43E7-9DC6-2D1EBEA82C65}: DhcpDomain = hsd1.fl.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
[MD5.6EF487A46FB615DF717F85D7458BD2CD] [APT] [TODDMain] (...) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 09s



---\\ HKCU HKLM Software Keys
[HKLM\Software\Wow6432Node\epubforwindows]
~ Key Software: 160 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 2013-11-16 - 08:12:23 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-11-20 - 19:38:00 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 219 Legitimates Filtered in 00mn 36s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013-11-09 - 18:00:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.0A5E9225002C08C5A5869E9CC3C2D209] [WIS][2011-11-10] (.Intuit - Quicken.) -- C:\Windows\Installer\302f5d.msi [4743680]
~ WIS: 123 Legitimates Filtered in 00mn 28s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 2013-09-03 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 2013-10-13 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2013-09-26 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 2013-09-07 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2013-11-09 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Disabled 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 2013-04-10 16720 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SS - | Auto 2013-11-09 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-11-09 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-10-23 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 2013-11-16 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 2010-04-02 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SS - | Disabled 2013-03-26 216976 | (THAccelSvc) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
SS - | Disabled 2013-03-19 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =.Toshiba Corporation
SS - | Disabled 2009-07-28 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SS - | Disabled 2013-01-28 322400 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =.Toshiba Corporation
SS - | Disabled 2013-03-11 462688 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 1658-07-10 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 1658-07-10 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SS - | Demand 2013-08-22 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 30s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (2013-11-22)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 271771 Items scanned in 01mn 17s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blo ... dosearches =PUP.DoSearches
~ MSI: 1 link(s) detected in 01mn 17s



~ 1155 Legitimates filtered by white list
End of the scan (349 lines in 03mn 43s)(0)

Hello Gabriel
1) Update Checker is in place and it is working.
2) UsbFix is considered a phishing site by Avast and Microsoft. They will not let it install.
3) DelFix has been installed; the report is attached.
# DelFix v10.6 - Rapport créé le 25/11/2013 à 14:38:46
# Mis à jour le 11/11/2013 par Xplode
# Nom d'utilisateur : jean-claude - JC
# Système d'exploitation : Windows 8.1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\USBFix
Supprimé : C:\FRST
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\jean-claude\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Users\jean-claude\Desktop\mbar
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\logFileUI.txt
Supprimé : C:\Users\jean-claude\Desktop\JRT.txt
Supprimé : C:\Users\jean-claude\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\jean-claude\Desktop\ZHPFix.lnk
Supprimé : C:\Users\jean-claude\Downloads\adwcleaner.exe
Supprimé : C:\Users\jean-claude\Downloads\AdwCleaner_brff(1).exe
Supprimé : C:\Users\jean-claude\Downloads\AdwCleaner_brff(2).exe
Supprimé : C:\Users\jean-claude\Downloads\AdwCleaner_brff(3).exe
Supprimé : C:\Users\jean-claude\Downloads\AdwCleaner_brff.exe
Supprimé : C:\Users\jean-claude\Downloads\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #5 [avast! antivirus system restore point | 11/09/2013 22:59:12]
Supprimé : RP #6 [Windows Update | 11/13/2013 10:08:58]
Supprimé : RP #7 [Windows Update | 11/16/2013 14:36:49]
Supprimé : RP #8 [Installed SpyHunter | 11/21/2013 00:33:13]
Supprimé : RP #9 [ZHPFix Restore System Point | 11/23/2013 13:16:31]
Supprimé : RP #10 [Installed Adobe Reader XI. | 11/25/2013 16:40:19]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########
by jcdesrochers
#79310
Results of screen317's Security Check version 0.99.77
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
by jcdesrochers
#79378
Hello

I followed the process and I understand most of it.
The only small problem was UsbFix: I was not able to install it because Avast considers it a phishing site.
Thanks again
by Dori@n
#87161
Hello,

We have had no news from the author of this topic for more than 10 days. We therefore consider this problem resolved or abandoned by its author. Next time, please keep us informed of how your problem evolves, or bump the topic regularly!

This topic is locked. If you wish to reopen it, please contact a member of the forum's moderation team by private message.

See you soon on FEI!