virus? Résolu/Fermé

Question

Bonsoir,
Mon ordinateur - window 7entreprise - est TRES lent, je me demande si je n'ai pas un virus. 
J'avais Avast, que j'ai désinstallé pour Microsoft Security Essentials.
Comment savoir si mon ordinateur est infecté? Et, au passage, si Avast a correctement été désinstallé ?

kingk06 · Answer

salut,

 
 Scan ZHPDiag :  

   Nous allons utiliser cet outil de diagnostic pour voir tous les problèmes 

Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau

Cliquez ensuite sur le fichier téléchargé pour exécuter l'installation du logiciel.
Laissez vous guider lors de l'installation en laissant les réglages par défaut,

 ==> Surtout, n'oublie pas d'installer son icône sur le bureau l'icône est en forme de parchemin 

Suite à ces actions,l'outil a créé"2°"raccourcis ( ZHPFix, ZHPDiag ) 


Pour exécuter une analyse complète, cliquez sur l'icône bureau "ZHPDiag" représentant un "parchemin".

Dans l'interface du logiciel, cliquez sur le bouton "Configurer" pour accéder aux réglages.

Cliquez ensuite sur bouton "Loupe +" en bas à gauche, pour lancer un Diagnostic Full options. ==>  ICI IMAGE

L'analyse s'effectue, patientez quelques minutes pendant le travail de l'outil indiqué par "Traitement en cours..."

A l'issue de l'analyse qui sera indiquée dans l'interface du programme, 100%, le rapport va s'ouvrir dans le bloc note. => 

==>NOTE: Il faut héberger ce rapport qui se trouve sur le bureau, celui-ci étant trop long pour être posté sur le forum Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/ 

=> Pour t'aider http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html 

clic ici tutorial  zhpdiag 

Le rapport ZHPDiag.txt sera aussi sur votre bureau. En cas de nécessité, il est sauvegardé dans C:\ZHP\ZHPDiag.txt.

Iris1045 · Answer

Voila ! 
C'est ça ?  : https://www.cjoint.com/?3LstRBu88Z1

kingk06 · Answer

Tu as des adwares fais ce qui suit, dans l'ordre 

 1)Télécharge ==> AdwCleaner (de Xplode) sur ton bureau 
 
Double-clique sur l'icône présente sur ton bureau pour le lancer (Vista/7/8 --> Clic droit et "Exécuter en tant qu'administrateur")
Clique sur le bouton "Scanner"

Lorsque l'analyse est terminée, il est indiqué "En attente. Veuillez décocher les éléments...." au dessus de la barre de progression
Clique sur le bouton Nettoyer

Accepte le message de fermeture des applications

Valide, après lecture, la fenêtre d'information sur les PUP/LPI
Accepte le message de redémarrage

Patiente durant la suppression
Le PC va redémarrer et un rapport s'ouvrira automatiquement dans le bloc-notes après redémarrage Copie/colle son contenu dans ta prochaine réponse

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt 

___________________________________________________________>>>

On va utiliser un outil en complément à Adwcleaner:

==> 2) Télécharge ici ==>Junkware Removal Tool

si ça marche pas lien direct ici => http://thisisudax.org/downloads/JRT.exe 

==> (ne clique pas sur télécharger, le téléchargement va débuter automatiquement) 

==> Enregistre-le sur ton bureau.

==> Ferme toutes les applications en cours.

==> Ouvre JRT.exe et appuie sur Entrée : si tu es sous Windows Vista, 7 ou 8, ouvre-le en faisant : clic droit => Exécuter en tant qu'administrateur.

==> Patiente le temps que l'outil travaille : le bureau va disparaître quelques instants, c'est tout à fait normal.

-> À la fin de l'analyse, un rapport nommé JRT.txt va s'ouvrir. Héberge-le comme ceci http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html et poste le lien obtenu dans ta prochaine réponse.

==>Tutoriel :=> ICI JRT

Iris1045 · Answer

Alors pour le 1/ j'ai fait scanner, c'est terminé, mais rien ne se passe... ni fenêtre, ni rapport, ni "en attente" ...

kingk06 · Answer

Clique sur le bouton Nettoyer

Iris1045 · Answer

effectivement ça a marché :-) 
voici le rapport : 
# AdwCleaner v3.015 - Report created 19/12/2013 at 00:50:51
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : user - USER-LAP
# Running from : C:\Users\user\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\ Internet Explorer v11.0.9600.16428


-\ Google Chrome v31.0.1650.63

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1355 octets] - [18/12/2013 20:51:33]
AdwCleaner[R1].txt - [1419 octets] - [18/12/2013 21:15:21]
AdwCleaner[R2].txt - [1479 octets] - [19/12/2013 00:48:12]
AdwCleaner[S0].txt - [1412 octets] - [19/12/2013 00:50:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1472 octets] ##########

kingk06 · Answer

ok fais la suite avec JRT 

et supprimer ceci => Trend Micro OfficeScan Client v10.5

Iris1045 · Answer

Voici le rapport JRT, j'espère que c'est bien ca






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Enterprise x86
Ran by user on Thu 12/19/2013 at  1:18:41.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Internet Explorer\Main\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E638C7A-12A8-4B2E-A401-421E0835D0AB}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2013 at  1:41:02.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kingk06 · Answer

Re,

ok pour JRT ;)

tu à supprimer ceci  ? = > Trend Micro OfficeScan Client v10.5

Iris1045 · Answer

Je cherche mais je ne trouve pas ce que c'est......

kingk06 · Answer

bon pas graver je vais le faire moi a prés ;) Ensuite Fais ceci ==> 3)Télécharge =>> Malwarebytes'Antimalwares Procèdes à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware PRO" La mise à jour du programme va se faire directement ; si ce n'est pas le cas, clique sur Recherche de mises à jour ***Attention le scan peut durer assez longtemps environ 2h voire plus...*** =>Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.<= => Fais une analyse complète en cliquant sur Exécuter un examen complet Sélectionne les lecteurs à analyser et clique sur Lancer l'examen L'analyse peut durer un certain temps Lorsque l'analyse est terminée, => clique sur OK puis sur Afficher les résultats ***/!\"IMPORTANT "Assure-toi que tout est coché et clique sur "Supprimer"la sélection puis sur "OK"/!\*** Le bloc-note va s'ouvrir qui contiendra un rapport Copie (Ctrl+C)/Colle (Ctrl+V) le rapport dans ta prochaine réponse /!\ Il est possible que certains fichiers devront être supprimés au redémarrage du PC. Il faut le faire en cliquant sur Oui à la question posée pour retrouver le rapport ouvre MBAM +> onglet rapports/logs l Le dernier en date => image ICI==> onglet rapports/logs =>Si tu as besoin d'aide regarde ce tutoriel ==>ICI tutoriel<== ou là==> malware-tutoriel<== (Garde Malwarebytes sur ton PC pour des scans réguliers de temps en temps)

Iris1045 · Answer

Merci! et désolée, je n'ai toujours pas compris ce que c'est Trend Micro OfficeScan Client v10.5 ni ou le trouver !!
Voici le rapport :


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
user :: USER-LAP [administrator]

Protection: Enabled

12/19/2013 1:32:43 PM
mbam-log-2013-12-19 (13-32-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317000
Time elapsed: 3 hour(s), 34 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\user\Downloads\SkypeSetup-aoc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.

(end)

kingk06 · Answer

dans le rapport de ZHPDiag => http://cjoint.com/data3/3LstRBu88Z1.htm

---\ System protection software
Microsoft Security Client v4.4.0304.0
Trend Micro OfficeScan Client v10.5
Windows Defender W7 

puis =>

pour contrôle refais un nouveau log ZHPDiag:  stp
regarde l'image ici =>
https://www.cjoint.com/c/CJukFzALKYy 
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

Iris1045 · Answer

Voila le lien de l'hébergement : https://www.cjoint.com/?3Ltw2SoMdGY Et le rapport ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013) ~ Launched by user (12/19/2013 8:32:45 PM) ~ Web site address : https://nicolascoolman.webs.com/ ~ Free support forums for disinfection : https://nicolascoolman.webs.com/ ~ Translated by ~ Version State : ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Activate by user ---\ Internet browsers MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v31.0.1650.63 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, VOLUME_MAK channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Trend Micro OfficeScan Client v10.5 Windows Defender W7 ---\ System optimization software CCleaner v4.07 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\ Information on the system ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3002.8 MB (52% free) System Restore: Activé (Enable) System drive C: has 172 GB (63%) free of 270 GB ---\ Connection to the system mode ~ Computer Name: USER-LAP ~ User Name: user ~ All Users Names: user, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\user\AppData\Roaming\ ~ %Desktop% : C:\Users\user\Desktop\ ~ %Favorites% : C:\Users\user\Favorites\ ~ %LocalAppData% : C:\Users\user\AppData\Local\ ~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 172 Go of 270 Go) D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\ State of the Windows Security Center [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified ~ Security Center: 46 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers dpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 02mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/5046 ~ Mes musiques (My Musics) : 1/1422 ~ Mes Videos (My Videos) : 1/55 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 3/807 ~ Mon Bureau (My Desktop) : 1/306 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 14mn AMs ---\ Process running [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3768] [MD5.CF8826B8A0C15E6F08AED52A91A832DE] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [882776] [PID.2700] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.256] [MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2008] [MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3124] [MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1724] [MD5.2A1BE3D0B2F439ABB52EF1570D8EB4F7] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20549280] [PID.2176] [MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3712] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4056] [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.4616] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.4964] [MD5.B888C567E8247E780D6A7E8BFD75C775] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [660480] [PID.0] ~ Processes Running: Scanned in 03mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé) ~ Google Browser: 20 Legitimates Filtered in 52mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2.dll =>PUP.StartSearch P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2ghost.dll =>PUP.StartSearch ~ Firefox Browser: 12 Legitimates Filtered in 00mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.us.com/ =>PUP.StartSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = https://search.us.com/ =>PUP.StartSearch R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch ~ IE Browser: 11 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 22 ---\ Other User Links (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 75 Legitimates Filtered in 14mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe ~ Application: Scanned in 00mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn AMs ---\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Software installed (O42) O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch ~ Logic: 26 Legitimates Filtered in 01mn AMs ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.63A02F14B2225694E2C0FA4A4CAF1473] - 12/13/2013 - 7:10:01 PM ---A- . (...) -- C:\Windows tbtlog.txt [62952] O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 12/19/2013 - 11:32:32 AM ---A- . (...) -- C:\Windows\win.ini [478] O44 - LFC:[MD5.2A5B94BAB7E4D6448BB5E47546E91C28] - 12/19/2013 - 8:37:57 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20736] O44 - LFC:[MD5.2A5B94BAB7E4D6448BB5E47546E91C28] - 12/19/2013 - 8:37:57 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20736] O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 12/5/2013 - 2:38:05 PM ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284] O44 - LFC:[MD5.CFAE025C29AE553872C7254CD78D2406] - 12/5/2013 - 2:41:42 PM ---A- . (...) -- C:\Windows\IE11_main.log [24853] ~ Files: 90 Legitimates Filtered in 11mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.7B1626E357B7D03953D3BB29B8DA06DE] - 11/21/2013 - 12:21:07 PM ---A- - C:\Windows\Prefetch\SKYAAD5.TMP-CD9A09A9.pf O45 - LFCP:[MD5.FFC04637D17BEC2EF3C3EE688A45DDE9] - 12/13/2013 - 7:17:19 PM ---A- - C:\Windows\Prefetch\TMPFW.EXE-FFCD08D3.pf O45 - LFCP:[MD5.FB3E0DD4C4D783292F6CF377A374FD97] - 12/13/2013 - 7:18:55 PM ---A- - C:\Windows\Prefetch\TMBMSRV.EXE-AB2757B7.pf O45 - LFCP:[MD5.3631F6988F0A42BDAAA4A830406690D6] - 12/13/2013 - 7:27:05 PM ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf O45 - LFCP:[MD5.FC5CBF8CC177E7E8CC5D5A06447788B1] - 12/19/2013 - 7:59:36 PM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf O45 - LFCP:[MD5.5F31A8A979B9A1B444F203ECB6D0CA5E] - 12/19/2013 - 8:09:16 PM ---A- - C:\Windows\Prefetch\PCCNTMON.EXE-9C94F257.pf O45 - LFCP:[MD5.23890C0F3F66D1A125E74DEE68F214C9] - 12/19/2013 - 8:11:26 PM ---A- - C:\Windows\Prefetch\PCCNTUPD.EXE-2CA54AB4.pf ~ Prefetcher: 143 Legitimates Filtered in 04mn AMs ---\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn AMs ---\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{c13f622b-fe79-11e1-9aee-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun.exe (.not file.) ~ Keys: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 18 Legitimates Filtered in 04mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 12/18/2013 - 8:45:02 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman O61 - LFC: 12/18/2013 - 8:45:02 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\ZHPDiag.txt [29805] =>.Nicolas Coolman O61 - LFC: 12/18/2013 - 8:46:50 PM ---A- . (...) -- C:\Users\user\Downloads\adwcleaner (1).exe [1226750] O61 - LFC: 12/18/2013 - 8:47:01 PM ---A- . (...) -- C:\Users\user\Downloads\adwcleaner.exe [1226750] O61 - LFC: 12/19/2013 - 8:43:46 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [264269] O61 - LFC: 12/19/2013 - 8:44:02 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [50055] O61 - LFC: 12/19/2013 - 8:45:02 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [41879] =>.Nicolas Coolman O61 - LFC: 12/19/2013 - 8:45:02 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman O61 - LFC: 12/19/2013 - 8:47:39 PM ---A- . (.Pelagos.) -- C:\Users\user\Downloads\Plan rapp stage hiv.doc [48128] O61 - LFC: 12/19/2013 - 8:47:40 PM ---A- . (.Pelagos.) -- C:\Users\user\Downloads\Rapport de stage pelagos 2.doc [48640] O61 - LFC: 12/19/2013 - 8:47:43 PM ---A- . (...) -- C:\Users\user\Downloads\UNDP- Corm.docx [609268] O61 - LFC: 12/19/2013 - 8:47:44 PM ---A- . (...) -- C:\Users\user\Downloads\UNDP27 (1).docx [603302] ~ 21 Fichiers temporaires (Temporary files) ~ Files: 224 Legitimates Filtered in 19mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8 O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - https://search.us.com/ =>PUP.StartSearch O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - https://search.yahoo.com/ O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - https://search.yahoo.com/ ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/13/2013] (...) -- C:\Users\user\AppData\Local\Temp\mpam-41c501fb.exe [0] [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][12/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\Quarantine.exe [360051] ~ Files: 3 Legitimates Filtered in 03mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client trtscan.exe SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client mlisten.exe SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 20mn AMs ---\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 02mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by user at 12/19/2013 10:45:55 PM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : 13013 - (12/14/2013) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^ [HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^ ~ Additionnel Scan: 198012 Items scanned in 37mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ MSI: 2 link(s) detected in 37mn AMs ~ 1281 Legitimates filtered by white list End of the scan (460 lines in 49mn AMs)(0)

kingk06 · Answer

puis fais ceci => >>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<< => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3Lui5RwlLmN.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI

Iris1045 · Answer

Bonjour,
Tout d'abord bonne année!
Désolée du retard de ma réponse, je n'avais plus accès à internet.

Je ne crois pas que le ZHPFix ait marché car aucun rapport ne s'est affiché. Sur mon bureau il y a seulement le rapport JRT et ZHP Diag
Dois-je relancer ZHP fix? le lien n'est plus d'actualité par contre...

Merci !!

kingk06 · Answer

Re, tu a comme antivirus Microsoft Security Client v4.4.0304.0 désinstaller=> Trend Micro OfficeScan Client v10.5 puis fais ceci => Utilisation de l'outil ZHPFix : puis fais ceci => >>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<< => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data/0AgbjqcJ0wI.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés Bonne année :D

Iris1045 · Answer

Vraiment désolé, mais impossible de trouver Trend Micro OfficeScan Client v10.5 pour le désinstaller. Mon antiviru est microsoft security essential, dois-je le désinstaller ??

JE lance ZHPFix quand meme ??

kingk06 · Answer

ok

oui lance ZHPFix  et poste le rapport

Iris 1045 · Answer

Bonjour, j'ai essayé plusieurs fois de lancer ZHPFix, je crois que ça ne marche pas, il tourne mais ne charge pas (la barre en bas est verte sur 3 milimètres seulement alors que ça fait des heures que je l'ai lancé) 
Y a t il une autre solution?

kingk06 · Answer

Re,

essais de le faire mode sans échec avec prise en charge de réseau  <<<<

Au redémarrage de ton pc tapote sur la touche F8 où F5 dans le menu qui s'affiche choisis mode sans échec avec prise en charge de réseau (avec la flèche de direction du haut)

=> Comment rebooter en mode sans échec Sous XP/Vista/Win7/Win8

Iris1045 · Answer

Je l'ai relance en mode sans echec, meme resultat : il a tourne toute la nuit sans avancees... 
Est ce que je dois reprendre depuis le debut et refaire un ZHPDiag ?
Merci beaucoup

kingk06 · Answer

Re,

ok on va refaire le le fix !

pour contrôle refais un nouveau log ZHPDiag:  stp
regarde l'image ici => https://www.cjoint.com/c/CJukFzALKYy 
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

Iris 1045 · Answer

Merci pour votre patience :-) Voici le rapport ZHPDiag : ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013) ~ Launched by user (1/15/2014 10:55:22 AM) ~ Web site address : http://nicolascoolman.webs.com ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/ ~ Translated by ~ Version State : ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Activate by user ---\ Internet browsers MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v31.0.1650.63 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, VOLUME_MAK channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Trend Micro OfficeScan Client v10.5 Windows Defender W7 ---\ System optimization software CCleaner v4.07 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\ Information on the system ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3002.8 MB (59% free) System Restore: Activé (Enable) System drive C: has 173 GB (64%) free of 270 GB ---\ Connection to the system mode ~ Computer Name: USER-LAP ~ User Name: user ~ All Users Names: user, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\user\AppData\Roaming\ ~ %Desktop% : C:\Users\user\Desktop\ ~ %Favorites% : C:\Users\user\Favorites\ ~ %LocalAppData% : C:\Users\user\AppData\Local\ ~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 270 Go) D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\ State of the Windows Security Center [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified ~ Security Center: 46 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers dpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 04mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/5046 ~ Mes musiques (My Musics) : 1/1422 ~ Mes Videos (My Videos) : 1/55 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 3/809 ~ Mon Bureau (My Desktop) : 3/322 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 09mn AMs ---\ Process running [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2868] [MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.3128] [MD5.CF8826B8A0C15E6F08AED52A91A832DE] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [882776] [PID.3148] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3212] [MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.3228] [MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3236] [MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3268] [MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3452] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4700] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.4128] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\RunDll32.exe [0] [PID.1252] ~ Processes Running: Scanned in 02mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé) ~ Google Browser: 20 Legitimates Filtered in 14mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2.dll =>PUP.StartSearch P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2ghost.dll =>PUP.StartSearch ~ Firefox Browser: 12 Legitimates Filtered in 01mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com =>PUP.StartSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.us.com =>PUP.StartSearch R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch ~ IE Browser: 11 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 22 ---\ Other User Links (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 75 Legitimates Filtered in 33mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe ~ Application: Scanned in 02mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn AMs ---\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148 O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.30.30.107 10.30.30.148 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Software installed (O42) O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch ~ Logic: 26 Legitimates Filtered in 02mn AMs ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.627501FD298ACACBB327CC4269CA3AF0] - 1/14/2014 - 8:27:45 PM ---A- . (...) -- C:\Windows tbtlog.txt [125254] O44 - LFC:[MD5.82E4D00AFB920F5935821CF16912EBCC] - 1/15/2014 - 11:00:39 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960] O44 - LFC:[MD5.82E4D00AFB920F5935821CF16912EBCC] - 1/15/2014 - 11:00:39 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960] ~ Files: 10 Legitimates Filtered in 50mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.737E39C0D3859F0A9551EC9339120CD7] - 1/15/2014 - 10:49:31 AM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf ~ Prefetcher: 58 Legitimates Filtered in 01mn AMs ---\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn AMs ---\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{c13f622b-fe79-11e1-9aee-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun.exe (.not file.) ~ Keys: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 18 Legitimates Filtered in 06mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 1/14/2014 - 11:13:15 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267844] O61 - LFC: 1/14/2014 - 11:21:32 AM ---A- . (...) -- C:\Users\user\Downloads\Ibn Taymiya http.docx [16300] O61 - LFC: 1/15/2014 - 11:13:15 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [6] O61 - LFC: 1/15/2014 - 11:14:58 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [54065] O61 - LFC: 1/15/2014 - 11:16:40 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [87218] =>.Nicolas Coolman O61 - LFC: 1/15/2014 - 11:16:40 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman ~ 10 Fichiers temporaires (Temporary files) ~ Files: 224 Legitimates Filtered in 34mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/13/2013] (...) -- C:\Users\user\AppData\Local\Temp\mpam-41c501fb.exe [0] [MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][12/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\Quarantine.exe [360051] ~ Files: 3 Legitimates Filtered in 03mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client trtscan.exe SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client mlisten.exe SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 07mn AMs ---\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 02mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by user at 1/15/2014 11:35:35 AM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : 13013 - (12/14/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^ [HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^ [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^ ~ Additionnel Scan: 200038 Items scanned in 38mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 3 link(s) detected in 38mn AMs ~ 1116 Legitimates filtered by white list End of the scan (446 lines in 53mn AMs)(0)

kingk06 · Answer

=> Télécharge sur le bureau  => RogueKiller 

=> Quitte tous tes programmes en cours.

=> Sous Vista/Seven et windows 8 , clique droit -> lancer en tant qu'administrateur

=> Sinon lance simplement RogueKiller.exe

NOTE: Si l'infection bloque le programme, il faut le relancer plusieurs fois ou le renommer en winlogon.exe 

=> Patiente pendant le pre-scan, puis clique sur le bouton Scan

=> Un rapport RKreport.txt a du se créer sur le bureau, poste-le.

=> Note : Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois.

Iris 1045 · Answer

Le lien ne corresponds pas à ma version window 7, j'ai téléchargée une autre mais à la fin de l'analyse il met que : version is outdated. Le seul rapport : 

[Params]
EulaAccepted=true

kingk06 · Answer

SUPPRIMER LA PREMIÈRE VERSION ET PREND CELUI-CI=>

ici => RogueKiller  
 
Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés Bonne année :D

Iris 1045 · Answer

J'ai parlé trop vite il marche apres 3 essais

Iris 1045 · Answer

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Scan -- Date : 01/15/2014 21:54:04 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 192.168.15.19 ossrv1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++ --- User --- [MBR] c57d75757a7e7c1cc62adde52f878812 [BSP] bcf821d318a8c5b85f0be73f6c0b1203 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 276839 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 567173120 | Size: 199999 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_01152014_215404.txt >>

kingk06 · Answer

=> Quitte tous tes programmes en cours

=> Sous Vista/Seven , clique droit -> lancer en tant qu'administrateur

=> Sinon lance simplement RogueKiller.exe

=> Patiente pendant le pre-scan, clique sur Scan

=> Vérifie que tous les éléments sont cochés puis clique sur [Suppression]

=> Poste le rapport RKreport.txt présent sur le bureau .

Iris 1045 · Answer

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Remove -- Date : 01/15/2014 22:17:21 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 192.168.15.19 ossrv1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++ --- User --- [MBR] c57d75757a7e7c1cc62adde52f878812 [BSP] bcf821d318a8c5b85f0be73f6c0b1203 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 276839 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 567173120 | Size: 199999 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_01152014_221721.txt >> RKreport[0]_S_01152014_215404.txt

kingk06 · Answer

Utilisation de l'outil ZHPFix : puis fais ceci => >>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<< => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3ApvXAEQl3N.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

Iris 1045 · Answer

Bonjour, 
J'ai lancé le ZHPFix, mais même résultat : il a tourné toute la nuit mais sans avancer ...

kingk06 · Answer

Re,

ok on verra en suite fais ceci =>  Pre_Scan

iris 1045 · Answer

Bonjour!
Voila le rapport de pre_scan

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.23.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:37:09

~ Update on 23/01/2014 | 08.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [user (Administrator)] - [USER-LAP]
~ SID = S-1-5-21-3495645949-2252045420-2483743716-1000

~ System : Windows 7 Enterprise (32 bits) Enterprise Service Pack 1
~ TotalValidations : 2
~ ProcessorNameString : Intel(R) Core(TM)2 Solo CPU    U3500  @ 1.40GHz
~ Identifier : x86 Family 6 Model 23 Stepping 10


~ Memory RAM = Total (MB) : 3075 | Free (MB) : 2274
~ Pagefile = Total (MB) : 6148 | Free (MB) : 5117
~ Virtual = Total (MB) : 2097 | Free (MB) : 1881

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\Setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 276840 Mo | Free : 177310 Mo -> NTFS
d:\-> [Fixed] | [] | Total : 200000 Mo | Free : 199650 Mo -> NTFS
e:\-> [CDROM] | [Audio CD]

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2014-01-25 10:31:53
Last(s) download(s) : 2014-01-16 07:40:32
Last(s) installation(s) : 2014-01-16 06:47:12
Next search : 2014-01-26 08:02:44


¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\user
~ C:\Users\Administrator

New restorepoint created : To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe

Standby deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.16428     (© Microsoft Corporation.)
GC : 32.0.1700.76     (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.3.300.265
FlashPlayer Plugin : 11.3.300.265

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Trend Micro OfficeScan Antivirus Disabled
AS : Microsoft Security Essentials Disabled
FW : Trend Micro Personal Firewall Disabled

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

1500 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1660 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.6.5.0) -> "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
1708 | C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
1832 | C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (.Skype Technologies S.A. - Skype C2C Service.) - (6.13.0.13771) -> "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
420 | C:\Windows\system32	askhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
620 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
1088 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
2128 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2572 | C:\Program Files\Common Files\Java\Java Update\jusched.exe (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.9.8) -> "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
2580 | C:\Windows\System32\igfxtray.exe (.Intel Corporation - igfxTray Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxtray.exe" 
2588 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2202) -> "C:\Windows\System32\hkcmd.exe" 
2596 | C:\Windows\System32\igfxpers.exe (.Intel Corporation - persistence Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxpers.exe" 
2604 | C:\Program Files\Microsoft Security Client\msseces.exe (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
2612 | C:\Program Files\Windows Sidebar\sidebar.exe (.Microsoft Corporation - Windows Desktop Gadgets.) - (6.1.7601.17514) -> "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
2628 | C:\Windows\System32\StikyNot.exe (.Microsoft Corporation - Sticky Notes.) - (6.1.7600.16385) -> "C:\Windows\System32\StikyNot.exe" 
3416 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
4152 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
2928 | C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (.Trend Micro Inc. - Trend Micro OfficeScan Client Plug-in Service Manager.) - (2.0.0.1188) -> "C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe"
4892 | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) -> "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
2736 | C:\Windows\system32	askhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
3616 | C:\Windows\system32	askeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {1DD3B762-9536-4BB2-8494-2C43524BF9CE}
5776 | C:\Program Files\Google\Update\GoogleUpdate.exe (.Google Inc. - Google Installer.) - (1.3.21.103) -> "C:\Program Files\Google\Update\GoogleUpdate.exe" /c
5592 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" 
3192 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5592.0.853070250\270502690" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --disable-accelerated-video-decode --gpu-vendor-id=8086 --gpu-device-id=2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2202 --ignored=" --type=renderer " /prefetch:822062411
3716 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
152 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group3 pct:10c stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="5592.4.749822958\1969739152" /prefetch:673131151
2488 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
2532 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508 

Boot : Normal  

¤¤¤¤¤¤¤¤¤¤ | Running processes


[07/10/2013 19:52:45] - 336 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe   [69632 Ko]
[14/07/2009 01:11:09] - 432 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [6144 Ko]
[14/07/2009 01:36:49] - 484 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe   [96256 Ko]
[14/07/2009 01:11:09] - 492 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [6144 Ko]
[14/09/2012 20:21:51] - 548 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.17514) -> winlogon.exe   [286720 Ko]
[14/07/2009 01:11:26] - 584 | C:\Windows\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe   [259072 Ko]
[13/11/2013 16:03:46] - 600 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) -> C:\Windows\system32\lsass.exe   [22016 Ko]
[14/09/2012 20:22:03] - 608 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe   [267776 Ko]
[14/07/2009 01:19:28] - 716 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch   [20992 Ko]
[14/07/2009 01:19:28] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS   [20992 Ko]
[23/10/2013 15:01:10] - 868 | C:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\MsMpEng.exe"   [22208 Ko]
[14/07/2009 01:19:28] - 1004 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted   [20992 Ko]
[14/07/2009 01:19:28] - 1056 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted   [20992 Ko]
[14/07/2009 01:19:28] - 1080 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService   [20992 Ko]
[14/07/2009 01:19:28] - 1116 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs   [20992 Ko]
[14/07/2009 01:19:28] - 1396 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService   [20992 Ko]
[14/07/2009 01:19:28] - 1536 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork   [20992 Ko]
[19/12/2013 12:24:55] - 1748 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"   [701512 Ko]
[16/01/2012 20:01:48] - 1796 | C:\Program Files\Trend Micro\OfficeScan Client
trtscan.exe (.Trend Micro Inc. - Trend Micro Common Client Real-time Scan Service (32-bit).) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client
trtscan.exe"   [1574936 Ko]
[16/01/2012 20:07:24] - 1252 | C:\Program Files\Trend Micro\OfficeScan Client	mlisten.exe (.Trend Micro Inc. - Trend Micro Common Client Communication Service.) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client	mlisten.exe"   [1650376 Ko]
[14/07/2009 01:24:23] - 2064 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe"   [92672 Ko]
[14/07/2009 01:19:28] - 2472 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation   [20992 Ko]
[18/01/2012 03:58:20] - 2564 | C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) - (10.5.0.2328) -> "C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe" -HideWindow   [882776 Ko]
[15/04/2011 21:26:56] - 3004 | C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (.Trend Micro Inc. - Trend Micro Personal Firewall Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe"   [497272 Ko]
[14/07/2009 01:19:28] - 3724 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted   [20992 Ko]
[17/09/2012 21:42:54] - 3932 | C:\Program Files\Trend Micro\BM\TMBMSRV.exe (.Trend Micro Inc. - Manages the Trend Micro unauthorized change prevention feature.) - (2.95.0.1162) -> "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service   [345648 Ko]
[15/04/2011 21:20:54] - 3236 | C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (.Trend Micro Inc. - Trend Micro Proxy Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"   [689680 Ko]
[25/01/2014 12:24:00] - 3508 | C:\Users\user\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.1.23.1) -> "C:\Users\user\Downloads\Pre_Scan.exe"    [2698752 Ko]
[14/09/2012 20:21:45] - 2560 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe   [257536 Ko]
[29/03/2011 05:31:14] - 5052 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"   [1713536 Ko]
[29/03/2011 05:31:16] - 5308 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 5052   [193920 Ko]
[14/09/2012 19:51:29] - 1340 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding   [427520 Ko]
[14/09/2012 20:21:59] - 4964 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"   [1121792 Ko]
[14/09/2012 19:53:07] - 1844 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe   [317440 Ko]
[14/09/2012 20:22:05] - 4072 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe   [204800 Ko]
[14/07/2009 01:41:43] - 708 | C:\Windows\System32undll32.exe (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32undll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding   [44544 Ko]
[14/09/2012 19:51:29] - 6076 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"    [164352 Ko]
[14/09/2012 19:51:29] - 4868 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508    [86528 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe


¤

Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access



¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{c13f622b-fe79-11e1-9aee-806e6f6e6963} | AutoRun\command : E:\autorun.exe


¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center






¤¤¤¤¤¤¤¤¤¤ | Services Corrections


Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://search.us.com/?guid={BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}&serpv=5 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://search.us.com/?guid={BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}&serpv=5 -> res://ieframe.dll/tabswelcome.htm

¤

Repaired : [HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned 

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Offsets detection


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Removed : C:\$Recycle.bin\S-1-5-21-3495645949-2252045420-2483743716-500
Removed : C:\$Recycle.bin\S-1-5-21-4292706814-1702609081-6705846-1922
Removed : C:\$Recycle.bin\S-1-5-21-3495645949-2252045420-2483743716-1000


Moved to quarantine successfully : C:\Users\user\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly	mp\
Moved to quarantine successfully : C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied 



D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 6 | Restored : 6
~ [Documents] : Hidden : 75 | Restored : 75
~ [Desktop] : Hidden : 13 | Restored : 13
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 78 | Restored : 78
~ [Libraries] : Hidden : 44 | Restored : 44


¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

 Disk: 0   Size=477G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    100M   Yes   No         2,048      204,800
  1    1    07-NTFS    277G   No    No       206,848  566,966,272
  2    2    07-NTFS    200G   No    No   567,173,120  409,597,952

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 12:50:39


Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 298

kingk06 · Answer

Re,

ok ;) 

pour contrôle refais un nouveau log ZHPDiag:  stp
regarde l'image ici => https://www.cjoint.com/c/CJukFzALKYy 
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

iris 1045 · Answer

voila ! ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013) ~ Launched by user (1/25/2014 1:29:09 PM) ~ Web site address : http://nicolascoolman.webs.com ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/ ~ Translated by ~ Version State : ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Deactivate by user ---\ Internet browsers MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v32.0.1700.76 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, VOLUME_MAK channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Trend Micro OfficeScan Client v10.5 Windows Defender W7 ---\ System optimization software CCleaner v4.07 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\ Information on the system ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3002.8 MB (69% free) System Restore: Activé (Enable) System drive C: has 173 GB (63%) free of 270 GB ---\ Connection to the system mode ~ Computer Name: USER-LAP ~ User Name: user ~ All Users Names: user, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\user\AppData\Roaming\ ~ %Desktop% : C:\Users\user\Desktop\ ~ %Favorites% : C:\Users\user\Favorites\ ~ %LocalAppData% : C:\Users\user\AppData\Local\ ~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 173 Go of 270 Go) D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 46 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers dpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/5046 ~ Mes musiques (My Musics) : 1/1422 ~ Mes Videos (My Videos) : 1/55 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 1/814 ~ Mon Bureau (My Desktop) : 1/346 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 03mn AMs ---\ Process running [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.388] [MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2040] [MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.492] [MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1316] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.296] [MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.2056] [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2512] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.984] [MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.4084] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.5548] ~ Processes Running: Scanned in 00mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) ~ Google Browser: 20 Legitimates Filtered in 18mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2.dll =>PUP.StartSearch P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2ghost.dll =>PUP.StartSearch ~ Firefox Browser: 12 Legitimates Filtered in 00mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch ~ IE Browser: 11 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 21 ---\ Other User Links (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [user]: Donate.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.) O4 - GS\Desktop [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 77 Legitimates Filtered in 19mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe ~ Application: Scanned in 01mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn AMs ---\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.11.67.1 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Software installed (O42) O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch ~ Logic: 26 Legitimates Filtered in 00mn AMs ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.627501FD298ACACBB327CC4269CA3AF0] - 1/14/2014 - 8:27:45 PM ---A- . (...) -- C:\Windows tbtlog.txt [125254] O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712] O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072] O44 - LFC:[MD5.777B9966DB87CE8B25A9124FE2778A5D] - 1/25/2014 - 12:50:41 PM R--A- . (...) -- C:\Pre_Scan_25_01_2014_12_50_41.txt [24196] O44 - LFC:[MD5.EAE96FA4E26925D1B08042923664B11E] - 1/25/2014 - 1:34:13 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960] O44 - LFC:[MD5.EAE96FA4E26925D1B08042923664B11E] - 1/25/2014 - 1:34:13 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960] ~ Files: 329 Legitimates Filtered in 24mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.522B7DE372810F3AF10FCC909F07B9AF] - 1/16/2014 - 9:33:20 PM ---A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-AA6FA0F3.pf O45 - LFCP:[MD5.2645385078800B70D6F30B5C0E366721] - 1/25/2014 - 12:56:45 PM ---A- - C:\Windows\Prefetch\TMBMSRV.EXE-AB2757B7.pf O45 - LFCP:[MD5.06893B9AEBE9AE636DD77B4DFF99DE85] - 1/25/2014 - 1:13:08 PM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf ~ Prefetcher: 57 Legitimates Filtered in 01mn AMs ---\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 1/15/2014 - 9:52:23 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 16 Legitimates Filtered in 09mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 1/25/2014 - 1:49:59 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [55832] O61 - LFC: 1/25/2014 - 1:50:36 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [111301] =>.Nicolas Coolman O61 - LFC: 1/25/2014 - 1:50:36 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman O61 - LFC: 1/25/2014 - 1:54:54 PM ---A- . (...) -- C:\Users\user\Downloads\Hama ou Hamah.docx [26547] O61 - LFC: 1/25/2014 - 1:54:54 PM ---A- . (.Anne-Marie.) -- C:\Users\user\Downloads\Harbin moi.doc [24576] O61 - LFC: 1/25/2014 - 1:54:55 PM ---A- . (...) -- C:\Users\user\Downloads\Ibn taymiyya[1].docx [33714] ~ 5 Fichiers temporaires (Temporary files) ~ Files: 100 Legitimates Filtered in 19mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.381DA081E8005C2ABB5AE4BAE87E3AD4] [SPRF][1/25/2014] (.No owner - Pre_Scan.) -- C:\Users\user\Desktop\Pre_Scan.exe [2698752] ~ Files: 1 Legitimates Filtered in 01mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client trtscan.exe SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client mlisten.exe SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 57mn AMs ---\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 02mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by user at 1/25/2014 2:06:53 PM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : 13013 - (12/14/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^ [HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^ [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^ ~ Additionnel Scan: 194305 Items scanned in 04mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 3 link(s) detected in 04mn AMs ~ 1310 Legitimates filtered by white list End of the scan (449 lines in 50mn AMs)(0)

kingk06 · Answer

Utilisation de l'outil ZHPFix : puis fais ceci => >>>Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage !<<< => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3AznGVQbXl8.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

iris 1045 · Answer

ZHPfix n'a toujours pas fonctionné, il a tourné toute la nuit et n'a pas avancé !

kingk06 · Answer

essais de le faire mode sans échec avec prise en charge de réseau  <<<<

Au redémarrage de ton pc tapote sur la touche F8 où F5 dans le menu qui s'affiche choisis mode sans échec avec prise en charge de réseau (avec la flèche de direction du haut)

=> Comment rebooter en mode sans échec Sous XP/Vista/Win7/Win8

Iris 10 45 · Answer

Aucun rapport n'a ete genere suite a cette analyse en mode sans echec !

kingk06 · Answer

Re,

si tu a fais le fix regarde ici =>

( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt )

Iris 10 45 · Answer

Oui je l'ai cherche ici, mais il n'y a rien correspondant a un rapport de ZHP fix

kingk06 · Answer

ok on va voire =>


pour contrôle refais un nouveau log ZHPDiag:  stp
regarde l'image ici => https://www.cjoint.com/c/CJukFzALKYy 
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> http://www.cj

iris 1045 · Answer

Voici le rapport ZHP diag : ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013) ~ Launched by user (1/27/2014 12:42:59 PM) ~ Web site address : http://nicolascoolman.webs.com ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/ ~ Translated by ~ Version State : ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Deactivate by user ---\ Internet browsers MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v32.0.1700.76 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, VOLUME_MAK channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Trend Micro OfficeScan Client v10.5 Windows Defender W7 ---\ System optimization software CCleaner v4.07 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\ Information on the system ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3002.8 MB (66% free) System Restore: Activé (Enable) System drive C: has 174 GB (64%) free of 270 GB ---\ Connection to the system mode ~ Computer Name: USER-LAP ~ User Name: user ~ All Users Names: user, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\user\AppData\Roaming\ ~ %Desktop% : C:\Users\user\Desktop\ ~ %Favorites% : C:\Users\user\Favorites\ ~ %LocalAppData% : C:\Users\user\AppData\Local\ ~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 174 Go of 270 Go) D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 46 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers dpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 04mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/5046 ~ Mes musiques (My Musics) : 1/1422 ~ Mes Videos (My Videos) : 1/55 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 1/814 ~ Mon Bureau (My Desktop) : 1/350 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 06mn AMs ---\ Process running [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2196] [MD5.CF8826B8A0C15E6F08AED52A91A832DE] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [882776] [PID.2572] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2636] [MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2648] [MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.2668] [MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.2728] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.2896] [MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.2908] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4932] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.5428] ~ Processes Running: Scanned in 02mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) ~ Google Browser: 20 Legitimates Filtered in 42mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2.dll =>PUP.StartSearch P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2ghost.dll =>PUP.StartSearch ~ Firefox Browser: 12 Legitimates Filtered in 02mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch ~ IE Browser: 11 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 21 ---\ Other User Links (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [user]: Donate.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.) O4 - GS\Desktop [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 77 Legitimates Filtered in 30mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe ~ Application: Scanned in 00mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 01mn AMs ---\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148 O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 10.30.30.107 10.30.30.148 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.30.30.107 10.30.30.148 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Software installed (O42) O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch ~ Logic: 26 Legitimates Filtered in 01mn AMs ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712] O44 - LFC:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072] O44 - LFC:[MD5.777B9966DB87CE8B25A9124FE2778A5D] - 1/25/2014 - 12:50:41 PM R--A- . (...) -- C:\Pre_Scan_25_01_2014_12_50_41.txt [24196] O44 - LFC:[MD5.B891BDFD929291F93085F1D86FA59E08] - 1/26/2014 - 11:37:43 PM ---A- . (...) -- C:\Windows tbtlog.txt [249858] O44 - LFC:[MD5.28043E1231429379DA8163AC264BB1E3] - 1/27/2014 - 12:48:12 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960] O44 - LFC:[MD5.28043E1231429379DA8163AC264BB1E3] - 1/27/2014 - 12:48:12 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960] ~ Files: 329 Legitimates Filtered in 29mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.522B7DE372810F3AF10FCC909F07B9AF] - 1/16/2014 - 9:33:20 PM ---A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-AA6FA0F3.pf O45 - LFCP:[MD5.0DEC7226458D64F560D9DCB11A227FA9] - 1/26/2014 - 1:59:35 PM ---A- - C:\Windows\Prefetch\TNT2USER.EXE-2A2BBCE1.pf O45 - LFCP:[MD5.DF294BEF11C2974A239AD404C6689A97] - 1/26/2014 - 3:07:31 PM ---A- - C:\Windows\Prefetch\PCCNTMON.EXE-9C94F257.pf O45 - LFCP:[MD5.5DCD854F8D39BD3C62FD8726FC7FD6E8] - 1/27/2014 - 7:58:36 AM ---A- - C:\Windows\Prefetch\TMBMSRV.EXE-AB2757B7.pf O45 - LFCP:[MD5.F8D14AE3719B64C0C8E814333EEF44CC] - 1/27/2014 - 7:58:47 AM ---A- - C:\Windows\Prefetch\PCCNTUPD.EXE-2CA54AB4.pf O45 - LFCP:[MD5.BEF6C190DA5A84F04789D0BC8E1A3FD8] - 1/27/2014 - 7:58:57 AM ---A- - C:\Windows\Prefetch\TMPFW.EXE-FFCD08D3.pf O45 - LFCP:[MD5.CA4BCA2CD7F7DBB6FE172F31FF4BED07] - 1/27/2014 - 9:54:33 AM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf ~ Prefetcher: 124 Legitimates Filtered in 02mn AMs ---\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 1/15/2014 - 9:52:23 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 16 Legitimates Filtered in 33mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 1/25/2014 - 1:05:32 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman O61 - LFC: 1/25/2014 - 1:05:32 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\ZHPDiag.txt [31670] =>.Nicolas Coolman O61 - LFC: 1/25/2014 - 1:08:01 PM ---A- . (...) -- C:\Users\user\Downloads\Hama ou Hamah.docx [26547] O61 - LFC: 1/25/2014 - 1:08:01 PM ---A- . (.Anne-Marie.) -- C:\Users\user\Downloads\Harbin moi.doc [24576] O61 - LFC: 1/25/2014 - 1:08:04 PM ---A- . (...) -- C:\Users\user\Downloads\Ibn taymiyya[1].docx [33714] O61 - LFC: 1/26/2014 - 1:08:01 PM ---A- . (...) -- C:\Users\user\Downloads\Hoover__J._CV_2012_academia.edu.pdf [75284] O61 - LFC: 1/27/2014 - 1:04:55 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 1/27/2014 - 1:05:08 PM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [55783] O61 - LFC: 1/27/2014 - 1:05:32 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [134012] =>.Nicolas Coolman O61 - LFC: 1/27/2014 - 1:05:32 PM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman ~ 14 Fichiers temporaires (Temporary files) ~ Files: 124 Legitimates Filtered in 12mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.381DA081E8005C2ABB5AE4BAE87E3AD4] [SPRF][1/25/2014] (.No owner - Pre_Scan.) -- C:\Users\user\Desktop\Pre_Scan.exe [2698752] ~ Files: 1 Legitimates Filtered in 00mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client trtscan.exe SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client mlisten.exe SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 31mn AMs ---\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 02mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by user at 1/27/2014 1:23:44 PM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : 13013 - (12/14/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^ [HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^ [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^ ~ Additionnel Scan: 194540 Items scanned in 41mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 3 link(s) detected in 41mn AMs ~ 1401 Legitimates filtered by white list End of the scan (457 lines in 28mn AMs)(0)

kingk06 · Answer

non tu na rien supprimer la premier fois ! puis fais ceci => Utilisation de l'outil ZHPFix : /!\Attention script personnalisé à ne pas reproduire sur un autre ordinateur risque de plantage /!\ (dans le fichier hébergé surlignes avec la souris puis clic droit copier de Script ZHPFix jusqu'à la fin Emptytemp) => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3ABnsrfV0QX.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

Iris 10 45 · Answer

J'ai suivit toutes les marches a suivre ( copier le texte du fichier heberge, lancer ZHPfix, importer, go.. ) mais ca met "syntax error"

kingk06 · Answer

désactiver antivirus microsoft security essential puis zhpfix => fais le par un clic-droit (Exécuter en tant qu'administrateur) tu a bien pris au début de "Script ZHPFix" jusqu'à la fin "emptytemp" ? (tu surlignes avec la souris puis clic droit copier de Script ZHPFix jusqu'à la fin Emptytemp) Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. et tu le colle dans zhpfix le script doit automatiquement apparaitre dans ZHPFix clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données.

Iris 1045 · Answer

Bonsoir,
J'avais bien fait tout ça, mais ça reste comme bloqué... J'ai essayé plusieurs fois, mais rien, maintenant le lien n'est plus disponible

kingk06 · Answer

Re,

fais ceci ==> Pre_Scan

Iris 1045 · Answer

Voici le rapport 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.23.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 17:22:08

~ Update on 23/01/2014 | 08.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [user (Administrator)] - [USER-LAP]
~ SID = S-1-5-21-3495645949-2252045420-2483743716-1000

~ System : Windows 7 Enterprise (32 bits) Enterprise Service Pack 1
~ TotalValidations : 2
~ ProcessorNameString : Intel(R) Core(TM)2 Solo CPU    U3500  @ 1.40GHz
~ Identifier : x86 Family 6 Model 23 Stepping 10


~ Memory RAM = Total (MB) : 3075 | Free (MB) : 2318
~ Pagefile = Total (MB) : 6148 | Free (MB) : 5215
~ Virtual = Total (MB) : 2097 | Free (MB) : 1938

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\Setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 276840 Mo | Free : 175870 Mo -> NTFS
d:\-> [Fixed] | [] | Total : 200000 Mo | Free : 199650 Mo -> NTFS
e:\-> [CDROM] | [Audio CD]

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2014-02-05 11:59:56
Last(s) download(s) : 2014-01-16 07:40:32
Last(s) installation(s) : 2014-01-16 06:47:12
Next search : 2014-02-06 06:27:35


¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\user
~ C:\Users\Administrator

New restorepoint created : To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe

Standby deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.16428     (© Microsoft Corporation.)
GC : 32.0.1700.107     (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.3.300.265
FlashPlayer Plugin : 11.3.300.265

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Trend Micro OfficeScan Antivirus Enabled
AS : Microsoft Security Essentials Disabled
FW : Trend Micro Personal Firewall Disabled

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

1484 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1644 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.6.5.0) -> "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
1688 | C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
1792 | C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (.Skype Technologies S.A. - Skype C2C Service.) - (6.13.0.13771) -> "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
1356 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
384 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 1356
148 | C:\Windows\system32	askhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
2068 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
2208 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2820 | C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.701.3.3014) -> "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
3028 | C:\Program Files\Common Files\Java\Java Update\jusched.exe (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.9.8) -> "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
3048 | C:\Windows\System32\igfxtray.exe (.Intel Corporation - igfxTray Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxtray.exe" 
3092 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2202) -> "C:\Windows\System32\hkcmd.exe" 
3104 | C:\Windows\System32\igfxpers.exe (.Intel Corporation - persistence Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxpers.exe" 
3112 | C:\Program Files\Microsoft Security Client\msseces.exe (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
3192 | C:\Program Files\Windows Sidebar\sidebar.exe (.Microsoft Corporation - Windows Desktop Gadgets.) - (6.1.7601.17514) -> "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
3204 | C:\Program Files\Skype\Phone\Skype.exe (.Skype Technologies S.A. - Skype .) - (6.11.0.102) -> "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
3244 | C:\Windows\System32\StikyNot.exe (.Microsoft Corporation - Sticky Notes.) - (6.1.7600.16385) -> "C:\Windows\System32\StikyNot.exe" 
3544 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
2964 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
3420 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
5948 | C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (.Trend Micro Inc. - Trend Micro OfficeScan Client Plug-in Service Manager.) - (2.0.0.1188) -> "C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe"
3164 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" 
2140 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3164.0.129125460\1259569178" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --disable-accelerated-video-decode --gpu-vendor-id=8086 --gpu-device-id=2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2202 --ignored=" --type=renderer " /prefetch:822062411
3736 | C:\Windows\system32	askeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {C1908DE4-1AAA-4D94-98AD-2273504110C4}
4956 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group3 pct:10c stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --disable-accelerated-2d-canvas --disable-accelerated-video-decode --enable-software-compositing --channel="3164.3.480650279\1125797622" /prefetch:673131151

Boot : Normal  

¤¤¤¤¤¤¤¤¤¤ | Running processes


[07/10/2013 19:52:45] - 336 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe   [69632 Ko]
[14/07/2009 01:11:09] - 424 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [6144 Ko]
[14/07/2009 01:36:49] - 476 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe   [96256 Ko]
[14/07/2009 01:11:09] - 484 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [6144 Ko]
[14/09/2012 20:21:51] - 540 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.17514) -> winlogon.exe   [286720 Ko]
[14/07/2009 01:11:26] - 576 | C:\Windows\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe   [259072 Ko]
[13/11/2013 16:03:46] - 584 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) -> C:\Windows\system32\lsass.exe   [22016 Ko]
[14/09/2012 20:22:03] - 592 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe   [267776 Ko]
[14/07/2009 01:19:28] - 700 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch   [20992 Ko]
[14/07/2009 01:19:28] - 800 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS   [20992 Ko]
[23/10/2013 15:01:10] - 848 | C:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.4.304.0) -> "C:\Program Files\Microsoft Security Client\MsMpEng.exe"   [22208 Ko]
[14/07/2009 01:19:28] - 980 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted   [20992 Ko]
[14/07/2009 01:19:28] - 1032 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted   [20992 Ko]
[14/07/2009 01:19:28] - 1060 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService   [20992 Ko]
[14/07/2009 01:19:28] - 1096 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs   [20992 Ko]
[14/07/2009 01:19:28] - 1368 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService   [20992 Ko]
[14/07/2009 01:19:28] - 1520 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork   [20992 Ko]
[19/12/2013 12:24:55] - 1724 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"   [701512 Ko]
[16/01/2012 20:01:48] - 1760 | C:\Program Files\Trend Micro\OfficeScan Client
trtscan.exe (.Trend Micro Inc. - Trend Micro Common Client Real-time Scan Service (32-bit).) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client
trtscan.exe"   [1574936 Ko]
[14/07/2009 01:19:28] - 1856 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc   [20992 Ko]
[16/01/2012 20:07:24] - 1788 | C:\Program Files\Trend Micro\OfficeScan Client	mlisten.exe (.Trend Micro Inc. - Trend Micro Common Client Communication Service.) - (11.5.0.1824) -> "C:\Program Files\Trend Micro\OfficeScan Client	mlisten.exe"   [1650376 Ko]
[14/07/2009 01:24:23] - 2168 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe"   [92672 Ko]
[14/07/2009 01:19:28] - 2588 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation   [20992 Ko]
[14/07/2009 01:19:28] - 2720 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted   [20992 Ko]
[18/01/2012 03:58:20] - 3004 | C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) - (10.5.0.2328) -> "C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe" -HideWindow   [882776 Ko]
[17/09/2012 21:42:54] - 4012 | C:\Program Files\Trend Micro\BM\TMBMSRV.exe (.Trend Micro Inc. - Manages the Trend Micro unauthorized change prevention feature.) - (2.95.0.1162) -> "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service   [345648 Ko]
[15/04/2011 21:26:56] - 4508 | C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (.Trend Micro Inc. - Trend Micro Personal Firewall Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe"   [497272 Ko]
[15/04/2011 21:20:54] - 6120 | C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (.Trend Micro Inc. - Trend Micro Proxy Service.) - (5.82.0.1030) -> "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"   [689680 Ko]
[25/01/2014 12:24:00] - 4548 | C:\Users\user\Desktop\Pre_Scan.exe (. - Pre_Scan.) - (4.1.23.1) -> "C:\Users\user\Desktop\Pre_Scan.exe"    [2698752 Ko]
[14/09/2012 20:21:45] - 5692 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe   [257536 Ko]
[29/03/2011 05:31:14] - 5388 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"   [1713536 Ko]
[29/03/2011 05:31:16] - 5556 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 5388   [193920 Ko]
[14/09/2012 20:21:59] - 2452 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"   [1121792 Ko]
[14/09/2012 19:51:29] - 3184 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding   [427520 Ko]
[14/09/2012 19:53:07] - 4948 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe   [317440 Ko]
[14/09/2012 19:51:29] - 5560 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"    [164352 Ko]
[14/09/2012 19:51:29] - 3124 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 500 504 512 65536 508    [86528 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations



¤


¤¤¤¤¤¤¤¤¤¤ | Registry


¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access



¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center






¤¤¤¤¤¤¤¤¤¤ | Services Corrections


Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer


Browsers settings for Users : OK


Browsers settings for Machine : OK

¤


Hijack.Internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned 

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Offsets detection


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Removed : C:\$Recycle.bin\S-1-5-21-3495645949-2252045420-2483743716-1000


Moved to quarantine successfully : C:\Users\user\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied 



D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Program Files] : Hidden : 1 | Restored : 1
~ [Desktop] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 8 | Restored : 8
~ [Libraries] : Hidden : 11 | Restored : 11


¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

 Disk: 0   Size=477G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    100M   Yes   No         2,048      204,800
  1    1    07-NTFS    277G   No    No       206,848  566,966,272
  2    2    07-NTFS    200G   No    No   567,173,120  409,597,952

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 17:34:13


Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 277

kingk06 · Answer

pour contrôle refais un nouveau log ZHPDiag: exactement comme dans l'image   joint:ICI ==>  stp => https://www.cjoint.com/c/CJukFzALKYy 
Poste moi ensuite le rapport généré, dans ton prochain message. :). => Pour héberger le rapport Rendez vous sur le site Cjoint ==> https://www.cjoint.com/

Iris 1045 · Answer

voila le rapport : ~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013) ~ Launched by user (2/6/2014 10:07:56 AM) ~ Web site address : http://nicolascoolman.webs.com ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/ ~ Translated by ~ Version State : ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Deactivate by user ---\ Internet browsers MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v32.0.1700.107 (Defaut) ---\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, VOLUME_MAK channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ System protection software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.4.0304.0 Trend Micro OfficeScan Client v10.5 Windows Defender W7 ---\ System optimization softwarea CCleaner v4.07 =>Piriform Ltd ---\ Sharing software PeerToPeer ---\ Surveillance software Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\ Information on the system ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3002.8 MB (58% free) System Restore: Activé (Enable) System drive C: has 172 GB (63%) free of 270 GB ---\ Connection to the system mode ~ Computer Name: USER-LAP ~ User Name: user ~ All Users Names: user, Guest, Administrator, ~ Unselected Option: None Logged in as Administrator ---\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\user\AppData\Roaming\ ~ %Desktop% : C:\Users\user\Desktop\ ~ %Favorites% : C:\Users\user\Favorites\ ~ %LocalAppData% : C:\Users\user\AppData\Local\ ~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 172 Go of 270 Go) D: Hard drive, Flash drive, Thumb drive (Free 195 Go of 195 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 46 Legitimates Filtered in 00mn AMs ---\ Search Generic System Files [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:30:54 AM.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/26/2013 - 8:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.11/20/2010 - 1:17:56 PM.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 1:21:26 PM.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 2:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:12 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:34 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:30 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:46 AM.) -- C:\Windows\system32\Drivers etBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 3:45:29 PM.) -- C:\Windows\system32\Drivers tfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 11:24:48 AM.) -- C:\Windows\system32\Drivers dpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:18 AM.) -- C:\Windows\system32\Drivers dx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 1:30:18 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 15mn AMs ---\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/5046 ~ Mes musiques (My Musics) : 1/1422 ~ Mes Videos (My Videos) : 1/55 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 1/814 ~ Mon Bureau (My Desktop) : 1/366 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 09mn AMs ---\ Process running [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2548] [MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.3124] [MD5.CF8826B8A0C15E6F08AED52A91A832DE] - (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe [882776] [PID.3132] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3140] [MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.3148] [MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3156] [MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3164] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.3288] [MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3344] [MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.1840] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.4788] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5048] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\RunDll32.exe [0] [PID.6020] ~ Processes Running: Scanned in 13mn AMs ---\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aafjadljlfmdflceamoombjnhbfilggh] Search.us Home v.2.0.0.1599, (Activé) =>PUP.StartSearch G2 - GCE: Preference [User Data\Default] [dfogncpkkfnegidlbhiijikjekagckkk] Search.us Search v.2.0.0.1599, (Activé) =>Adware.Bandoo G2 - GCE: Preference [User Data\Default] [jfgomgcnnjcbkodippaajplchmepkkcm] Manta Ray v.1.5 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) ~ Google Browser: 20 Legitimates Filtered in 03mn AMs ---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2.dll =>PUP.StartSearch P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\user\AppData\Local\TNT2\2.0.0.1599 pTNT2ghost.dll =>PUP.StartSearch ~ Firefox Browser: 12 Legitimates Filtered in 00mn AMs ---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Search.Us.com - npAPI Ghost Plugin.) (No version) -- (.not file.) =>PUP.StartSearch ~ IE Browser: 11 Legitimates Filtered in 00mn AMs ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn AMs ---\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn AMs ~ Nombre de lignes (Lines number): 21 ---\ Other User Links (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [user]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [user]: Donate.lnk . (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.) O4 - GS\Desktop [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Administrator]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 77 Legitimates Filtered in 37mn AMs ---\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro OfficeScan Monitor.) -- C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3495645949-2252045420-2483743716-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe ~ Application: Scanned in 00mn AMs ---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn AMs ---\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpDomain = interne.usj.edu.lb O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.11.67.1 ~ Domain: Scanned in 00mn AMs ---\ Extra protocols (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn AMs ---\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn AMs ---\ Software installed (O42) O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {682545CE-8E7A-4BF5-ABE4-A9547C8F4380} =>PUP.StartSearch O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU] -- {BCF727E5-7B53-48C7-8A8C-F36B13FDD18D} =>PUP.StartSearch ~ Logic: 26 Legitimates Filtered in 01mn AMs ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.777B9966DB87CE8B25A9124FE2778A5D] - 1/25/2014 - 12:50:41 PM R--A- . (...) -- C:\Pre_Scan_25_01_2014_12_50_41.txt [24196] O44 - LFC:[MD5.A7B3D1B4BE315526F58E4608E4193C45] - 2/4/2014 - 9:04:36 PM ---A- . (...) -- C:\Windows tbtlog.txt [312160] O44 - LFC:[MD5.1101FF3FC2E1CB364C212C88C4BD88E0] - 2/5/2014 - 5:34:14 PM R--A- . (...) -- C:\Pre_Scan_05_02_2014_17_34_14.txt [19918] O44 - LFC:[MD5.7C89F7271811C50D3B4F7A9ECD395037] - 2/6/2014 - 10:16:09 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20960] O44 - LFC:[MD5.7C89F7271811C50D3B4F7A9ECD395037] - 2/6/2014 - 10:16:09 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20960] ~ Files: 12 Legitimates Filtered in 26mn AMs ---\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.522B7DE372810F3AF10FCC909F07B9AF] - 1/16/2014 - 9:33:20 PM ---A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-AA6FA0F3.pf O45 - LFCP:[MD5.695D97F4EF025E86EC12569EDDFEB2B2] - 1/29/2014 - 9:30:17 AM ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-B4FA1B22.pf O45 - LFCP:[MD5.C5EDFD279F20E5E4097C14DEE0C13BF9] - 2/4/2014 - 8:26:50 PM ---A- - C:\Windows\Prefetch\32.0.1700.107_32.0.1700.102_C-69B47055.pf O45 - LFCP:[MD5.7E3591BCF508278C0ADF1F958BCF20D6] - 2/5/2014 - 5:36:20 PM ---A- - C:\Windows\Prefetch\TMPFW.EXE-FFCD08D3.pf O45 - LFCP:[MD5.5E1740CD98AF3C568E0151F77E822EA7] - 2/5/2014 - 5:36:29 PM ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-2F20F093.pf ~ Prefetcher: 81 Legitimates Filtered in 04mn AMs ---\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn AMs ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn AMs ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 3:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 1/15/2014 - 9:52:16 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys.bak [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/14/2009 - 12:54:14 AM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 1/15/2014 - 9:52:23 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys.bak [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 3:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 1/15/2014 - 9:53:27 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 11:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 11:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 11:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 11:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 11:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 11:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 11:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 11:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 11:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 11:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 11:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 11:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 11:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 11:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 16 Legitimates Filtered in 19mn AMs ---\ Last modified or created user files (O61) O61 - LFC: 2/3/2014 - 11:03:17 AM ---A- . (.gbusztin.) -- C:\Users\user\Downloads\2013-10-23 Daily Update Iraq.doc [233984] O61 - LFC: 2/3/2014 - 11:04:12 AM ---A- . (...) -- C:\Users\user\Downloads\Daily Security Up Date_04 December 2013.pdf [1163636] O61 - LFC: 2/3/2014 - 11:04:12 AM ---A- . (...) -- C:\Users\user\Downloads\Daily Security Up Date_09 December 2013.pdf [2782773] O61 - LFC: 2/3/2014 - 11:04:12 AM ---A- . (...) -- C:\Users\user\Downloads\Daily Security Update_23 January 2014.pdf [1990340] O61 - LFC: 2/3/2014 - 11:04:34 AM ---A- . (...) -- C:\Users\user\Downloads\Irak (1).docx [16695] O61 - LFC: 2/3/2014 - 11:04:34 AM ---A- . (...) -- C:\Users\user\Downloads\Irak.docx [16695] O61 - LFC: 2/3/2014 - 11:04:34 AM ---A- . (.gbusztin.) -- C:\Users\user\Downloads\Iraq Daily Report, 30 October 2013.doc [235520] O61 - LFC: 2/3/2014 - 11:04:43 AM ---A- . (...) -- C:\Users\user\Downloads\MA-aide-mem-new.pdf [191873] O61 - LFC: 2/4/2014 - 11:03:50 AM ---A- . (...) -- C:\Users\user\Downloads\article_polit_0032-342x_2003_num_68_3_1234.pdf [827688] O61 - LFC: 2/4/2014 - 11:03:50 AM ---A- . (...) -- C:\Users\user\Downloads\article_polit_0032-342x_2005_num_70_2_1161.pdf [353394] O61 - LFC: 2/6/2014 - 10:56:44 AM ---A- . (...) -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [58338] O61 - LFC: 2/6/2014 - 10:57:53 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\Log.txt [156774] =>.Nicolas Coolman O61 - LFC: 2/6/2014 - 10:57:53 AM ---A- . (...) -- C:\Users\user\AppData\Roaming\ZHP\TestsZHPDiag.txt [2783] =>.Nicolas Coolman ~ 5 Fichiers temporaires (Temporary files) ~ Files: 128 Legitimates Filtered in 35mn AMs ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn AMs ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 02mn AMs ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn AMs ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {8E638C7A-12A8-4B2E-A401-421E0835D0AB} - (Search.us) - http://search.us.com =>PUP.StartSearch O69 - SBI: SearchScopes [HKCU] {A6D36A1B-A63D-4847-BD27-91A947F7EF04} - (Yahoo) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {CA6B071B-2601-4077-B3E1-54764FB645DB} - (Yahoo!) - http://search.yahoo.com ~ Keys: Scanned in 00mn AMs ---\ Search Particular Root Folder (SPRF) (O84) [MD5.381DA081E8005C2ABB5AE4BAE87E3AD4] [SPRF][1/25/2014] (.No owner - Pre_Scan.) -- C:\Users\user\Desktop\Pre_Scan.exe [2698752] ~ Files: 1 Legitimates Filtered in 01mn AMs ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/7/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/7/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 7/27/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/23/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 12/17/2012 1574936 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client trtscan.exe SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Demand 9/11/2012 345648 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SR - | Auto 12/17/2012 1650376 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client mlisten.exe SR - | Demand 4/15/2011 497272 | (TmPfw) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe SR - | Demand 4/15/2011 689680 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 54mn AMs ---\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 02mn AMs ---\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by user at 2/6/2014 11:20:18 AM ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 04mn AMs ---\ Scan Additionnel (O88) Database Version : 13013 - (12/14/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Google\Chrome\Extensions\aafjadljlfmdflceamoombjnhbfilggh] =>PUP.StartSearch^ [HKLM\Software\Google\Chrome\Extensions\dfogncpkkfnegidlbhiijikjekagckkk] =>Adware.Bandoo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682545CE-8E7A-4BF5-ABE4-A9547C8F4380}] =>PUP.StartSearch^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF727E5-7B53-48C7-8A8C-F36B13FDD18D}] =>PUP.StartSearch^ [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CFBFAE00-17A6-11D0-99CB-00C04FD64497} =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh =>PUP.StartSearch^ C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk =>Adware.Bandoo^ ~ Additionnel Scan: 194415 Items scanned in 25mn AMs ---\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 3 link(s) detected in 26mn AMs ~ 1045 Legitimates filtered by white list End of the scan (460 lines in 50mn AMs)(0)

kingk06 · Answer

Re, désinstaller => Trend Micro OfficeScan Client v10.5 si et toujour dans tt le programme ! puis fais ceci => Utilisation de l'outil ZHPFix : /!\Ce script est exclusivement réservé à l'utilisateur actuel du sujet, vous ne devez en aucun cas l'utiliser de votre propre chef sur un autre pc, sous risque d'endommager le système /!\ => Copie tout le texte existant dans le fichier hébergé : <<< ouvre le fiches ICI >>> http://cjoint.com/data3/3BgqzzU2htW.htm (Sélectionne-le, clique droit dessus et choisis "tout sélectionner"). => Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.(icône seringue) (Sous Vista/Win7/Win8, il faut cliquer droit sur le raccourci de ZHPFix et choisir Exécuter en tant qu'administrateur) => Une fois ZHPFix ouvert => clique sur "importer" Vérifie bien que toutes les lignes se collent automatiquement dans ZHPFix. image ici clic sur "GO" en bas de page et confirme par oui pour lancer le nettoyage des données ==> laisse travailler l'outil et ne touche à rien ... ==> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le ! le rapport s'affichera sur ton bureau et dans C:\zhpfix.txt . ==> Copie/colle la totalité du rapport dans ta prochaine réponse. ==> : https://www.cjoint.com/ Copie le lien dans ta prochaine réponse. ( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt ) Redémarre le PC et poste le rapport stp. tuto ici ==> ZHPFi ici tu a un tutorial en vidéo => https://www.youtube.com/watch?v=PgsbvafSLuI ou ici => Pour t'aider

Iris 1045 · Answer

J'avais déjà essayé de trouver Trend Micro OfficeScan Client v10.5 , mais je ne le trouve toujours pas, et ZHPfix c'est toujours la même chose,ça ne bouge pas

kingk06 · Answer

ok on va change de outils fais ceci => OTL

Iris 1045 · Answer

Merci! Voila le rapport : OTL logfile created on: 2/9/2014 3:15:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.93 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 46.44% Memory free 5.86 Gb Paging File | 3.46 Gb Available in Paging File | 59.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 270.35 Gb Total Space | 172.36 Gb Free Space | 63.76% Space Free | Partition Type: NTFS Drive D: | 195.31 Gb Total Space | 194.97 Gb Free Space | 99.83% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: USER-LAP | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/02/09 15:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2014/02/02 01:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/11/15 18:50:38 | 001,423,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/10/07 19:25:27 | 000,617,744 | ---- | M] (Search.Us.com) -- c:\Users\user\AppData\Local\TNT2\2.0.0.1599\TNT2User.exe PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/29 14:29:18 | 000,882,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe PRC - [2012/12/17 11:12:10 | 001,650,376 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe PRC - [2012/12/17 11:09:04 | 001,574,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/11 15:47:52 | 000,345,648 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/28 20:15:52 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2011/04/15 21:26:56 | 000,497,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe PRC - [2011/04/15 21:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/18 07:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/02/02 01:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll MOD - [2014/02/02 01:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll MOD - [2014/02/02 01:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll MOD - [2014/02/02 01:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll MOD - [2014/02/02 01:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll MOD - [2014/02/02 01:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010/10/21 00:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013/11/26 10:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/09/05 09:34:30 | 000,171,680 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/12/17 11:12:10 | 001,650,376 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2012/12/17 11:09:04 | 001,574,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2012/09/14 20:18:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012/09/11 15:47:52 | 000,345,648 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/15 21:26:56 | 000,497,272 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2011/04/15 21:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight) DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013/08/14 15:24:22 | 000,263,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter) DRV - [2013/08/14 15:24:10 | 000,036,128 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter) DRV - [2013/08/14 14:53:10 | 001,517,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/09/11 15:38:24 | 000,073,552 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2012/09/11 15:37:44 | 000,062,728 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2012/09/11 14:34:04 | 000,257,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2012/06/21 16:51:26 | 000,282,936 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp) DRV - [2012/06/21 16:50:26 | 000,146,232 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf) DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/06/02 20:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2011/02/08 21:01:35 | 000,262,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) DRV - [2010/11/20 13:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 13:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 13:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 13:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 11:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010/11/20 11:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/11/20 11:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010/11/20 10:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 10:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 10:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 10:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/11/09 04:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010/10/19 18:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2010/10/15 01:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/?rd=1&ucc=LB&dcc=LB&opt=0&ocid=iehp IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 11 55 60 7A C3 CE 01 [binary data] IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\..\SearchScopes\{8E638C7A-12A8-4B2E-A401-421E0835D0AB}: "URL" = http://search.us.com/serp?guid={682545CE-8E7A-4BF5-ABE4-A9547C8F4380}&action=default_search&serpv=5&k={searchTerms} IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\..\SearchScopes\{A6D36A1B-A63D-4847-BD27-91A947F7EF04}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511 IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\..\SearchScopes\{CA6B071B-2601-4077-B3E1-54764FB645DB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513 IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.usj.edu.lb/proxy.pac [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com) FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com) [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://google.fr/ CHR - Extension: Search.us Home = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjadljlfmdflceamoombjnhbfilggh\1.0.0.0_0\ CHR - Extension: Documents Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google\u00A0Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Recherche Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Search.us Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogncpkkfnegidlbhiijikjekagckkk\1.0.0.0_0\ CHR - Extension: Manta Ray = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\ CHR - Extension: Google\u00A0Wallet = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\ CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2010/12/23 21:08:04 | 000,000,780 | R-S- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\db98c47c-b1c6-483e-89cf-cf77094ec8d3.exe /check File not found O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe (Trend Micro Inc.) O4 - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3495645949-2252045420-2483743716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.11.67.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAE520A-A7A1-4D59-B42A-F9BC8DDACC61}: DhcpNameServer = 192.168.100.5 193.227.187.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F845492D-CB47-4DDA-AAC7-F0473D942F6B}: DhcpNameServer = 192.11.67.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2014/01/25 12:47:55 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{c13f622b-fe79-11e1-9aee-806e6f6e6963}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/02/09 15:02:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2014/01/29 07:47:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\(c) CJoint.com, 2012_files [2014/01/25 12:25:10 | 000,000,000 | ---D | C] -- C:\Pre_Scan [2014/01/15 21:53:58 | 000,014,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak [2014/01/15 21:53:57 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys.bak [2014/01/15 21:53:57 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys.bak [2014/01/15 21:53:56 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak [2014/01/15 21:53:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak [2014/01/15 21:53:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifimp.sys.bak [2014/01/15 21:53:50 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys.bak [2014/01/15 21:53:49 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys.bak [2014/01/15 21:53:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak [2014/01/15 21:53:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys.bak [2014/01/15 21:53:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys.bak [2014/01/15 21:53:44 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak [2014/01/15 21:53:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys.bak [2014/01/15 21:53:42 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak [2014/01/15 21:53:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak [2014/01/15 21:53:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak [2014/01/15 21:53:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak [2014/01/15 21:53:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tsusbhub.sys.bak [2014/01/15 21:53:38 | 000,027,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys.bak [2014/01/15 21:53:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys.bak [2014/01/15 21:53:36 | 000,282,936 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys.bak [2014/01/15 21:53:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys.bak [2014/01/15 21:53:35 | 000,146,232 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys.bak [2014/01/15 21:53:35 | 000,090,448 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys.bak [2014/01/15 21:53:34 | 000,257,952 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys.bak [2014/01/15 21:53:34 | 000,073,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys.bak [2014/01/15 21:53:34 | 000,062,728 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys.bak [2014/01/15 21:53:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\terminpt.sys.bak [2014/01/15 21:53:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak [2014/01/15 21:53:29 | 000,077,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Synth3dVsc.sys.bak [2014/01/15 21:53:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak [2014/01/15 21:53:28 | 000,053,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak [2014/01/15 21:53:27 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys.bak [2014/01/15 21:53:27 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys.bak [2014/01/15 21:53:24 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak [2014/01/15 21:53:24 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak [2014/01/15 21:53:20 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak [2014/01/15 21:53:18 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak [2014/01/15 21:53:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak [2014/01/15 21:53:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys.bak [2014/01/15 21:53:11 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak [2014/01/15 21:53:09 | 000,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak [2014/01/15 21:53:00 | 000,137,472 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys.bak [2014/01/15 21:53:00 | 000,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys.bak [2014/01/15 21:52:58 | 004,231,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\netw5v32.sys.bak [2014/01/15 21:52:57 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak [2014/01/15 21:52:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys.bak [2014/01/15 21:52:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak [2014/01/15 21:52:40 | 000,050,688 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys.bak [2014/01/15 21:52:39 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak [2014/01/15 21:52:35 | 000,269,824 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys.bak [2014/01/15 21:52:27 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak [2014/01/15 21:52:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak [2014/01/15 21:52:24 | 000,041,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\HECI.sys.bak [2014/01/15 21:52:22 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak [2014/01/15 21:52:15 | 000,262,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\e1c6232.sys.bak [2014/01/15 21:52:14 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys.bak [2014/01/15 21:52:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak [2014/01/15 21:52:13 | 000,055,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys.bak [2014/01/15 21:52:13 | 000,026,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak [2014/01/15 21:52:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak [2014/01/15 21:52:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak [2014/01/15 21:52:12 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dmvsc.sys.bak [2014/01/15 21:52:11 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak [2014/01/15 21:52:09 | 000,035,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak [2014/01/15 21:52:07 | 000,140,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak [2014/01/15 21:52:02 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak [2014/01/15 21:52:02 | 000,025,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak [2014/01/15 21:52:01 | 000,259,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys.bak [2014/01/15 21:51:53 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak [2014/01/15 21:24:38 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine [2014/01/15 19:37:39 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014/01/15 19:37:21 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2014/01/15 19:37:05 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2014/01/15 19:37:04 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ] [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/02/09 15:26:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/02/09 15:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2014/02/09 14:45:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/02/09 14:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/02/07 10:23:11 | 000,020,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/02/07 10:23:11 | 000,020,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/02/07 10:11:39 | 2361,491,456 | -HS- | M] () -- C:\hiberfil.sys [2014/02/06 11:20:21 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2014/02/05 17:40:26 | 000,647,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/02/05 17:40:26 | 000,114,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/02/05 17:34:15 | 000,001,822 | ---- | M] () -- C:\Users\user\Desktop\Donate.lnk [2014/02/05 17:34:13 | 000,000,962 | ---- | M] () -- C:\Users\user\Desktop\Internet Explorer.lnk [2014/02/04 20:32:11 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/01/29 07:47:50 | 000,002,167 | ---- | M] () -- C:\Users\user\Desktop\(c) CJoint.com, 2012.htm [2014/01/25 12:24:57 | 002,698,752 | ---- | M] () -- C:\Users\user\Desktop\Pre_Scan.exe [2014/01/19 09:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2014/01/18 15:30:26 | 000,534,643 | ---- | M] () -- C:\Users\user\Desktop\CVPointetNeige2014.pdf [2014/01/16 08:52:34 | 000,408,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014/01/15 21:53:58 | 000,014,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys.bak [2014/01/15 21:53:57 | 000,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys.bak [2014/01/15 21:53:57 | 000,035,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys.bak [2014/01/15 21:53:56 | 000,047,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys.bak [2014/01/15 21:53:55 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys.bak [2014/01/15 21:53:53 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifimp.sys.bak [2014/01/15 21:53:50 | 000,040,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys.bak [2014/01/15 21:53:50 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys.bak [2014/01/15 21:53:49 | 000,175,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys.bak [2014/01/15 21:53:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys.bak [2014/01/15 21:53:49 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys.bak [2014/01/15 21:53:45 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys.bak [2014/01/15 21:53:44 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys.bak [2014/01/15 21:53:42 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys.bak [2014/01/15 21:53:41 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys.bak [2014/01/15 21:53:41 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys.bak [2014/01/15 21:53:41 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys.bak [2014/01/15 21:53:38 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tsusbhub.sys.bak [2014/01/15 21:53:38 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys.bak [2014/01/15 21:53:38 | 000,027,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys.bak [2014/01/15 21:53:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys.bak [2014/01/15 21:53:36 | 000,282,936 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys.bak [2014/01/15 21:53:36 | 000,090,448 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys.bak [2014/01/15 21:53:35 | 000,146,232 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys.bak [2014/01/15 21:53:35 | 000,062,728 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys.bak [2014/01/15 21:53:34 | 000,257,952 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys.bak [2014/01/15 21:53:34 | 000,073,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys.bak [2014/01/15 21:53:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\terminpt.sys.bak [2014/01/15 21:53:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys.bak [2014/01/15 21:53:29 | 000,077,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Synth3dVsc.sys.bak [2014/01/15 21:53:29 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys.bak [2014/01/15 21:53:28 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys.bak [2014/01/15 21:53:28 | 000,028,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys.bak [2014/01/15 21:53:27 | 000,148,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys.bak [2014/01/15 21:53:25 | 000,405,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys.bak [2014/01/15 21:53:24 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys.bak [2014/01/15 21:53:20 | 000,140,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys.bak [2014/01/15 21:53:18 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys.bak [2014/01/15 21:53:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys.bak [2014/01/15 21:53:17 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys.bak [2014/01/15 21:53:11 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys.bak [2014/01/15 21:53:09 | 000,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys.bak [2014/01/15 21:53:01 | 000,137,472 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys.bak [2014/01/15 21:53:00 | 000,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys.bak [2014/01/15 21:52:58 | 004,231,168 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\netw5v32.sys.bak [2014/01/15 21:52:57 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys.bak [2014/01/15 21:52:44 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys.bak [2014/01/15 21:52:43 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys.bak [2014/01/15 21:52:41 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C62x86.sys.bak [2014/01/15 21:52:39 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys.bak [2014/01/15 21:52:35 | 000,269,824 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\drivers\IntcDAud.sys.bak [2014/01/15 21:52:27 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys.bak [2014/01/15 21:52:26 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys.bak [2014/01/15 21:52:25 | 000,041,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\HECI.sys.bak [2014/01/15 21:52:22 | 000,187,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS.bak [2014/01/15 21:52:15 | 000,262,824 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1c6232.sys.bak [2014/01/15 21:52:15 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys.bak [2014/01/15 21:52:14 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys.bak [2014/01/15 21:52:13 | 000,055,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys.bak [2014/01/15 21:52:13 | 000,026,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys.bak [2014/01/15 21:52:13 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys.bak [2014/01/15 21:52:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys.bak [2014/01/15 21:52:12 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dmvsc.sys.bak [2014/01/15 21:52:11 | 000,027,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys.bak [2014/01/15 21:52:09 | 000,035,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys.bak [2014/01/15 21:52:08 | 000,140,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys.bak [2014/01/15 21:52:03 | 000,025,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys.bak [2014/01/15 21:52:02 | 000,133,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys.bak [2014/01/15 21:52:01 | 000,259,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys.bak [2014/01/15 21:51:53 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys.bak [2014/01/15 16:29:14 | 000,246,101 | ---- | M] () -- C:\Users\user\Documents\= [2 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ] [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/01/29 07:47:48 | 000,002,167 | ---- | C] () -- C:\Users\user\Desktop\(c) CJoint.com, 2012.htm [2014/01/25 12:50:41 | 000,001,822 | ---- | C] () -- C:\Users\user\Desktop\Donate.lnk [2014/01/25 12:50:39 | 000,000,962 | ---- | C] () -- C:\Users\user\Desktop\Internet Explorer.lnk [2014/01/25 12:24:00 | 002,698,752 | ---- | C] () -- C:\Users\user\Desktop\Pre_Scan.exe [2014/01/18 15:30:24 | 000,534,643 | ---- | C] () -- C:\Users\user\Desktop\CVPointetNeige2014.pdf [2014/01/15 16:31:10 | 000,246,101 | ---- | C] () -- C:\Users\user\Documents\= [2013/09/27 11:35:57 | 000,008,874 | ---- | C] () -- C:\Windows\cfgall.ini [2012/09/14 20:22:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012/09/14 20:21:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012/09/14 18:43:02 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012/09/14 18:42:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2012/09/14 18:42:57 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2012/09/14 18:42:57 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2012/09/14 18:42:57 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/11/14 14:48:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software [2014/02/06 11:37:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ZHP [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< MD5 for: AFD.SYS >[/color] [2011/04/25 04:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys [2010/11/20 09:40:04 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys [2013/09/14 02:57:08 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=66DD39CA12BAEB8D32111581769D9117 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_da50efe2d5eab341\afd.sys [2011/04/25 04:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys [2011/04/25 04:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys [2011/04/25 05:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys [2009/07/14 01:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys [2013/09/14 02:48:58 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\System32\drivers\afd.sys [2013/09/14 02:48:58 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_d9b98067bcd7e63c\afd.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 13:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad3

kingk06 · Answer

==> NOTE: Il faut héberger les rapports OTL.txt et Extras.tx qui se trouve sur le bureau, celui-ci étant trop long pour être posté sur le forum Pour héberger le rapport Rendez vous sur le site Cjoint=> https://www.cjoint.com/ si le premier lien ne marche pas ici=>http://pjjoint.malekal.com/ Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés.

Iris 1045 · Answer

OK, c'est fait sur le premier lien

kingk06 · Answer

il faut me donner les 2  lien en change comme tu veut que je vois les rapport !

Iris 1045 · Answer

Désolé 

http://cjoint.com/?3BjsSxWJd2l
http://cjoint.com/?3BjsTbrPhbQ

kingk06 · Answer

essais ceci pour Désinstaller Trend micro/Office scan

Menu Démarrer / Panneau de configuration
Double-clique sur Connexions réseau
Clic droit sur Connexion au réseau local / Propriétés
Dans la fenêtre blanche, tu devrais trouver Trend Micro Common Firewall Driver
Clique dessus pour le mettre en surbrillance puis clique sur Désinstaller puis sur OK
Ferme toutes les fenêtres

Redémarre l'ordinateur

Si OfficeScan est le seul produit Trend Micro installé, supprimer :
C:\Program Files\Trend Micro

Si il y a d'autres produits Trend Micro installés, supprimer :
C:\Program Files\Trend Micro\OfficeScan Client 

==> tuto ici

 pour avast y a de reste fais ceci => https://www.avast.com/fr-fr/uninstall-utility

Iris 1045 · Answer

BOnsoir, 
J'ai désinstallé OfficeScan et suivit la procédure pour Avast, je pense que c'est bon!

kingk06 · Answer

==> As tu encore des soucis? - sinon on passe phase finale "Désinstallation des outils de désinfection" !

Iris 1045 · Answer

Il y a encore cet outil de recherche "search us.com", je ne sais pas si c'est un virus ou pas, sinon je pense que ça va !

kingk06 · Answer

tu le vois ou  search us.com ?

Ce n'est pas vraiment un virus

Désinstaller un programme et extensions Firefox 

essais de faire ceci => 
2)
Note:désactiver provisoirement et seulement le temps de l'utilisation de L'outil la protection en temps réel de ton Antivirus

=> Télécharge Shortcut_Module  sur ton bureau

Ferme toutes les applications en cours, y compris ton navigateur.

=> Lance  Shortcut_Module  exécuter en tant qu'administrateur  sous Windows : 7/8 et Vista

   Le logiciel s'exécute automatiquement Patiente le temps du scan: le PC va redémarrer.
Une fois le PC redémarré, un rapport est généré ici : C:\Shortcut_Module_ Date_Heure.
    Héberge le rapport en utilisant le site  Cjoint.com pour poster le lien dans ta prochaine réponse.

Iris 1045 · Answer

J'ai lencé le logiciel mais un message d'erreur s'affiche : Variable used without being declared.
J'ai essayé plusieurs fois mais toujours la même chose

kingk06 · Answer

Ou tu peux le faire automatiquement avec ce programme : https://forum.malekal.com/viewtopic.php?t=46433&start=
Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés. 

si ça marche pas relance  roguekiller Patiente pendant le pre-scan  puis clic sur  Racc. RAZ 
 
Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés.

Iris1045 · Answer

Ok j'ai réinitialisé manuellement Internet explorer et Google Chrome, je n'ai pas Firefox. 
Je pense que ça a marché, il n'y a plus search.us
Merci!

Iris1045 · Answer

La désinfection est-elle terminée? je dois désinstaller les logiciels, et est ce que microsoft security essential est un bon anti-virus ou je devrais en prendre un autre?
Merci beaucoup pour votre aide

kingk06 · Answer

ok super ce parti pour la finale ;)

microsoft security essential ce boff.. moi je préférè avast 9

il nous reste encore à finaliser, voici la procédure =>

=>SFTGC: (permet simplement de supprimer les fichiers temporaires.)

=>Télécharger SFTGC.exe Enregistrez le fichier sur le bureau.  
 

=> SFTGC compatible avec XP, Vista, Windows 7 et 8 en 32 et 64 bits.

Sous XP:

=> Faire un double clic sur le fichier.

=> Sous les autres versions de Windows:

=> Faire un clic droit sur le fichier et choisir Exécuter en tant qu'administrateur.

=>lancer le nettoyage, cliquer sur Go.

=>Après le nettoyage, un rapport s'ouvrira.

=>Le rapport est sur le bureau (SFT.txt)

=> Pour le poster, hébergez-le ici => https://www.cjoint.com/  si le premier lien ne marche pas ici => http://pjjoint.malekal.com/ 
Important! Si SFTGC  vous invite à redémarrer, s'il vous plaît le faire immédiatement. Si ce n'est pas invité, redémarrez manuellement la machine de toute façon à assurer un nettoyage complet.

puis: ==> 
____________________________________________________________
 
ensuite fais ceci =>

1)Désinstallation des outils de désinfection
Télécharges Delfix ici  Delfix 

Exécutes le en tant qu'administrateur(si tu es sous xp double clic sur le fichier téléchargé) puis une fois sur l'interface coches les cases suivantes


=> Réactive l'Uac (juste pour Vista, Seven et W8)
=> Supprimer les outils de désinfection (coché par défaut)
=> Réinitialisation des paramètres système 
=> purger la restauration du système 

Cliques ensuite sur Exécuter puis patientes pendant le processus de suppression.

Le rapport sera enregistré dans le presse-papier et sur le disque dur (C:\DelFix.txt).
Poste le rapport ==> https://www.cjoint.com/ 

2)N'oublies pas de mettre à jour java adobe reader et flashplayer pour IE (chrome l'intègre déjà)
Un lien utile à lire https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite java => https://www.java.com/fr/download/
N'oublies pas aussi de maintenir Windows à jour via Windows update

voici le lien officiel "adobe" pour le télécharger flashplayer ;) (sauf pour google chrome(lui intègre directement 
https://get.adobe.com/flashplayer/?loc=fr pour la version firefox
http://get.adobe.com/fr/flashplayer/otherversions/ pour les autres versions
Adobe Reader => https://get2.adobe.com/fr/reader/otherversions/

==> N'oubliez pas décochez Macfee !!!



3)Pour nettoyer les fichiers temporaires tu peux utiliser Ccleaner avec tuto pour bien le configurer (https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/#tutoriel-ccleaner
Lien du téléchargement https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Tu peux aussi utiliser le nettoyeur de disque windows
N'oublies pas de défragmenter de temps en temps ton disque dur soit par le biais de l'utilitaire soit par le biais d'un logiciel tiers comme par exemple Deffagler ou auslogic Disk Defrag

Oublies les genres de nettoyeurs comme Tuneup ,Glary et autre nettoyeurs miracles ils ne te feront que ralentir ta machine et nettoyer plus blanc que blanc peut provoquer de graves dysfonctionnements



4)Sécurise tes navigateurs par exemple avec WOT et simple adblock pour Internet explorer
Pour télécharger WOT pour ie c'est par ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
Pour simple adblock c'est par ici http://simple-adblock.com/downloadpage/ (cliques sur Download Installer et pas le lien en dessous !)
Pour chrome(si tu possèdes Chrome)

Wot disponible ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
ou ici => https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp

Adblock disponible ici https://www.commentcamarche.net/telecharger/web-internet/2555-adblock-plus-pour-chrome/


Lien du téléchargement pour wot sur firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

Lien pour télécharger adblock +

ou ici => https://adblockplus.org/

https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss


5)Fais attention à ce que tu télécharges où et comment
Evites si possible de télécharger sur O1net,tom's guide,télécharger.com et Softonic et compagnie car ils repackent les logiciels avec des programmes potientellement indésirables
A lire
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/
https://www.malekal.com/qvo6-en-v9-com-isafe-et-trojan-win32-staser/

6)Pourquoi faut-il éviter de télécharger sur du p2p

Les risques sont gros la machine risque de devenir un pc zombie
Un peu de lecture concernant les dangers et le risque
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start= 
https://www.commentcamarche.net/faq/2981-j-utilise-une-version-piratee-de-windows

7) Sécurisation du PC des logiciels potentiellement indésirables , toolbars , etc...

Lorsqu'on est sous Windows et qu'on adore installer tout un tas de softs étranges, il faut savoir rester vigilant. En effet, certains programmes d'install proposent durant l'installation des toolbars et autres adware qui seront difficiles par la suite à retirer de votre système.

En général, on fait attention, et on décoche les cases qui vont bien, mais il suffit d'une fois, d'un petit coup de barre et on laisse passer la toolbar fatale.

Mais pourquoi se prendre la tête alors qu'un petit soft peut faire le travail pour vous ?

Télécharge : http://unchecky.com/files/upload/unchecky_setup.exe un service qui tourne en tâche de fond sous Windows, qui détectera automatiquement les logiciels additionnels dans les programmes d'installation et qui décochera les cases qu'il faut pour éviter de se faire polluer.

image 1) ici => https://korben.info/app/uploads/2013/12/2013-12-03-11_36_46-Unchecky.png/img
image 2) ici =>  https://korben.info/app/uploads/2013/12/introdution-unchecks-preview.png/img 

inscrive toi sur le forum pour mettre le sujet en résolu si tu ne l'a pas déjà fait !
N'oubliez pas de mettre votre sujet en résolu merci.=>
https://www.commentcamarche.net/infos/25917-forum-ccm-mode-d-emploi-marquer-mon-sujet-comme-resolu/

Sois prudent et bon surf!

Iris1045 · Answer

Super!
Voici déjà le premier lien pour le  rapport SFTGC : http://cjoint.com/?3Blppc6WtAr

kingk06 · Answer

ok la suite  DelFix

Iris1045 · Answer

Voila pour Delfix : http://cjoint.com/?3BlpFPB4LmA

kingk06 · Answer

tu te trompe de rapport tu ma poste le rapport de Shortcut_Module :) 

regarde sur le disque dur (C:\DelFix.txt). 
 
Allez jusqu'au bout de votre désinfection, même si vous notez une amélioration après les premiers outils passés.

Iris1045 · Answer

Sorry !!!! Voila Delfix : 	http://cjoint.com/?3BlruAbKh6j

kingk06 · Answer

ok tt et bon pour moi ;)

N'oubliez pas de mettre votre sujet en résolu merci.=>
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

Sois prudent et bon surf!

Virus?

77 réponses

Discussions similaires