PC virus in a Windows file

denver -
Marou81 Posts: 4472 Status: Member -
Hello,

While running a scan with Avast at startup, it found an infected file, but it's in a Windows folder. What's more, my PC lags enormously and the CPU usage history keeps going up to 100%. What should I do, please?

4 replies

Marou81 Posts: 4472 Status: Member 199
 
Good evening,

Use this general-purpose disinfection tool:

▶ Download and install Malwarebytes' Anti-Malware
▶ At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. However, it is not necessary to activate the free trial of the protection.
▶ Launch MBAM and let the updates download (otherwise do them manually when the program starts)
▶ Then go to the "Scan" tab, check "Perform full scan" and then "Scan"
▶ Select your hard drives and click "Start scan"
▶ At the end of the scan, click "Show results"
▶ Check all the detected items and then click "Remove selected"
▶ If you are asked to restart the computer, accept.
▶ In your next reply, post the report that appears after the removal.

Cheers
0
denver
 
Already done. It found 71 of them, but my PC is buggy and lags enormously.
0
Marou81 Posts: 4472 Status: Member 199
 
Did you delete them, or were you unable to? Otherwise, run the quick (or full) scan in safe mode with networking.
0
sherred Posts: 8605 Status: Member 351
 
A ZHPDiag report would help us.
0
denver
 
~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par RASOR (29/01/2014 09:22:01)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.03 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 7.0.7 - Français
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 6 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 43 GB (36%) free of 115 GB

---\\ Mode de connexion au système
~ Computer Name: ZOULOU
~ User Name: RASOR
~ All Users Names: SUPPORT_388945a0, RASOR, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\RASOR\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\RASOR\Application Data\
~ %Desktop% : C:\Documents and Settings\RASOR\Bureau\
~ %Favorites% : C:\Documents and Settings\RASOR\Favoris\
~ %LocalAppData% : C:\Documents and Settings\RASOR\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\RASOR\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 115 Go)
D: Hard drive, Flash drive, Thumb drive (Free 86 Go of 112 Go)
E: Hard drive, Flash drive, Thumb drive (Free 4 Go of 6 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.897CA9DA6F568E24549719D5676385A1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 08:57:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/188
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 1/13
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/540
~ Mon Bureau (My Desktop) : 0/5
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lancés
[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [PID.780]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1120]
[MD5.F720502AAA03FAB627A96E5EAADAA28D] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe [424104] [PID.1320]
[MD5.7E48B4958C131E9643DDCD2E7CA3FE9F] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [67584] [PID.2012]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDll32.exe [0] [PID.2032]
[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.180]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe [295072] [PID.176]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.188]
[MD5.3CE3A83B39F83B03CF6B722C32F40DB6] - (.Labtec Inc, - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [488984] [PID.220]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.320]
[MD5.B03BCD810A2EE089FA08E47B5200BE31] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.608]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.996]
[MD5.0B66A9A2137213075F753579E7D573A5] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140] [PID.1808]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1928]
[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.2320]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2400]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.2704]
[MD5.39CA47D6A60F8C5CD4A7E17DDD64A13B] - (.Intel Corporation - Pas de description.) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe [176128] [PID.2796]
[MD5.52404CC76E9D53843BDF97564BB16BED] - (.Microsoft Corporation - MCRD Device Service.) -- C:\WINDOWS\ehome\mcrdsvc.exe [99328] [PID.2948]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592] [PID.3656]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.3980]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2816]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866584] [PID.1904]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.3716]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\RASOR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.nationzoom.com =>Hijacker.NationZoom
G2 - GCE: Preference [User Data\Default] [ahmilhmcinpmpohfoiccaplbhgelbnim] Torntv V6.0 v.1.26.71, (Activé) =>Hijacker.TornTV
G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [mbcjjdjanpccmehilicphhmeobiljcpk] FTdownloader 2 v.2.0 (Désactivé) =>Adware.Downware
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 14 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\0\prefs.js
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\0\user.js
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\oi9effd1.default\prefs.js
C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\oi9effd1.default\user.js
M3 - MFPP: Plugins - [RASOR] -- C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\0\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [RASOR] -- C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [RASOR] -- C:\Documents and Settings\RASOR\Application Data\Mozilla\Firefox\Profiles\oi9effd1.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [RASOR] -- C:\Program Files\Mozilla FireFox\searchplugins\delta-homes.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [RASOR] -- C:\Program Files\Mozilla FireFox\searchplugins\nationzoom.xml =>Hijacker.NationZoom
M3 - MFPP: Plugins - [RASOR] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6
M0 - MFSP: prefs.js [RASOR - 0] http://start.mysearchdial.com =>Adware.MyWebSearch
M0 - MFSP: prefs.js [RASOR - extensions] http://start.mysearchdial.com =>Adware.MyWebSearch
M2 - MFEP: prefs.js [RASOR - 0\***@***] [] cacaoweb v1.0.33 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [RASOR - extensions\***@***] [] cacaoweb v1.0.33 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [RASOR - oi9effd1.default\***@***] [] Torntv V6.0 v (..) =>Hijacker.TornTV
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Pas de propriétaire - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll =>Adware.MetaStream
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.awesomehp.com =>PUP.Awesomehp
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pas de propriétaire - MetaStream 3 Plugin r4.) (No version) -- (.not file.) =>Adware.MetaStream
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 62



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4982D40A-C53B-4615-B15B-B5B5E98D167C} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Visionneuse Journal Windows.lnk . (.InstallShield Software Corp. - InstallShield.) -- C:\WINDOWS\Installer\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}\_C68C351F090F4EF39AFB6B7B54014C9E.exe
O4 - GS\Program [AllUsers]: Windows Media Connect.lnk . (.Microsoft Corporation - Microsoft Windows Media Component Removal F.) -- C:\Program Files\Windows Media Connect 2\WMCCFG.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [AllUsers]: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\Program [RASOR]: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Program [RASOR]: CHAT CARAMELO.lnk . (...) -- C:\chat.CARAMELO\chat.exe
O4 - GS\Program [RASOR]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: 20 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] . (.Windows (R) Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\WINDOWS\system32\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] Clé orpheline
O4 - HKLM\..\Run: [Adobe] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Labtec Inc, - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\RunOnce: [20131224] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\cf11f77b-5bcb-4ad9-a78f-3ea9f48fa65e.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1779987661-4062504325-259977925-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL="http://www.carrefour.fr/"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1370282137453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1372762170640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8AE549-F014-4430-B4AF-919BD3908615}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D8AE549-F014-4430-B4AF-919BD3908615}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D8AE549-F014-4430-B4AF-919BD3908615}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D8AE549-F014-4430-B4AF-919BD3908615}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe
O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: 12 Legitimates Filtered in 00mn 15s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\RASOR\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\RASOR\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [282] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
~ Scheduled Task: 23 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (iSafeNetFilter) . (. - .) - C:\Program Files\iSafe\iSafeNetFilter.sys (.not file.) =>Trojan.Staser
~ Drivers: 106 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\586d9dae738eb48] =>Hijacker.Eazel
[HKCU\Software\AOLToolbar]
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\Delta]
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\IM]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\LyricsContainer] =>Adware.AddLyrics
[HKCU\Software\SecretSauce] =>Adware.SecretSauce
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\586d9dae738eb48] =>Hijacker.Eazel
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Deal Boat] =>PUP.RewardsArcade
[HKLM\Software\Delta]
[HKLM\Software\Duuqu] =>PUP.Duuqu
[HKLM\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\MetaStream] =>Adware.MetaStream
[HKLM\Software\Pyro]
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.Mocaflix
[HKLM\Software\SecretSauce] =>Adware.SecretSauce
[HKLM\Software\TENCENT] =>Adware.TencentAddressBar
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\V9]
[HKLM\Software\Vittalia] =>PUP.Vittalia
[HKLM\Software\deskSvc]
[HKLM\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 327 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/09/2013 - 20:15:31 - [0] ----D C:\Program Files\BrowseFox =>Adware.BrowseFox
O43 - CFD: 27/01/2014 - 23:59:23 - [0,001] ----D C:\Program Files\Browsersafeguard =>PUP.BrowserSafeguard
O43 - CFD: 20/12/2013 - 19:20:14 - [0,450] ----D C:\Program Files\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 28/01/2014 - 20:17:56 - [0] ----D C:\Program Files\Duuqu =>PUP.Duuqu
O43 - CFD: 28/01/2014 - 18:53:48 - [0] ----D C:\Program Files\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 27/01/2014 - 23:59:21 - [0,287] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 27/01/2014 - 23:59:21 - [1,115] ----D C:\Program Files\SupTab
O43 - CFD: 28/01/2014 - 19:04:54 - [0,688] ----D C:\Program Files\tuto4pc_fr_46 =>PUP.Eorezo
O43 - CFD: 28/01/2014 - 09:42:41 - [0] ----D C:\Program Files\Fichiers communs\337
O43 - CFD: 17/03/2013 - 00:59:45 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 07/12/2013 - 16:37:58 - [0,082] ----D C:\Documents and Settings\All Users\Application Data\BitGuard =>PUP.BitGuard
O43 - CFD: 09/01/2014 - 12:55:15 - [1,815] ----D C:\Documents and Settings\All Users\Application Data\eSafe
O43 - CFD: 28/01/2014 - 00:03:38 - [0] ----D C:\Documents and Settings\All Users\Application Data\IePluginService =>Trojan.SProtector
O43 - CFD: 19/09/2013 - 13:11:51 - [2,794] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 09/01/2014 - 17:40:19 - [1,044] ----D C:\Documents and Settings\All Users\Application Data\Tarma Installer =>PUP.Tarma
O43 - CFD: 28/01/2014 - 00:03:38 - [0] ----D C:\Documents and Settings\All Users\Application Data\WPM =>PUP.WpManager
O43 - CFD: 21/01/2014 - 09:45:05 - [-1159,186] ----D C:\Documents and Settings\RASOR\Application Data\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 19/07/2013 - 22:57:05 - [0] ----D C:\Documents and Settings\RASOR\Application Data\eIntaller
O43 - CFD: 04/11/2013 - 20:04:28 - [0,002] ----D C:\Documents and Settings\RASOR\Application Data\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 26/01/2014 - 09:04:00 - [0,460] ----D C:\Documents and Settings\RASOR\Application Data\iSafe =>Trojan.Staser
O43 - CFD: 17/03/2013 - 19:58:42 - [0] ----D C:\Documents and Settings\RASOR\Application Data\NCdownloader
O43 - CFD: 25/12/2013 - 19:20:01 - [0] ----D C:\Documents and Settings\RASOR\Application Data\wp_update =>PUP.WpManager
O43 - CFD: 09/01/2014 - 17:49:26 - [0] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\Deal Boat =>PUP.RewardsArcade
O43 - CFD: 19/07/2013 - 22:56:04 - [0] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\Duuqu =>PUP.Duuqu
O43 - CFD: 28/01/2014 - 09:13:33 - [1,224] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\genienext
O43 - CFD: 21/03/2013 - 11:49:03 - [0] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\MediaGet2 =>PUP.MediaGet
O43 - CFD: 09/04/2013 - 20:45:16 - [0,001] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 26/01/2014 - 10:20:09 - [0] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\Torntv V6.0 =>Hijacker.TornTV
O43 - CFD: 27/01/2014 - 11:52:07 - [0] ----D C:\Documents and Settings\RASOR\Local Settings\Application Data\tuto4pc_fr_46 =>PUP.Eorezo
O43 - CFD: 15/09/2013 - 20:14:24 - [0,001] ----D C:\Documents and Settings\RASOR\Menu Démarrer\Programmes\TornTV.com =>Hijacker.TornTV
~ Program Folder: 204 Legitimates Filtered in 00mn 32s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.07D61111FBC7220F9111C109FA331E38] - 19/01/2014 - 20:08:54 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [17150]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 26/01/2014 - 01:39:56 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6979C5AD7A636C736EDFD0CD3B241E44] - 26/01/2014 - 01:42:25 ---A- . (...) -- C:\WINDOWS\win.ini [849]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 26/01/2014 - 01:42:37 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 26/01/2014 - 01:42:37 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.94A8EBD816A366041F8CCF5AFD3AB7DE] - 26/01/2014 - 12:11:18 ----- . (...) -- C:\WINDOWS\system32\iyvu9_32.dll [56320]
O44 - LFC:[MD5.AB7194719DF1D202CB6653C2D0357E64] - 26/01/2014 - 14:52:43 ---A- . (...) -- C:\WINDOWS\system32\Repository.reg [13398]
O44 - LFC:[MD5.2F82EF5627DE1730E815C9F62D53C519] - 26/01/2014 - 14:52:43 ---A- . (...) -- C:\WINDOWS\system32\lvcoinst.ini [51370]
O44 - LFC:[MD5.0039497C6F76983CCC79E101D0B489FD] - 29/01/2014 - 00:31:39 ---A- . (...) -- C:\WINDOWS\system32\lvcoinst.log [3792]
O44 - LFC:[MD5.6DD9B143D3BF9D0859C336AF607BA1A4] - 29/01/2014 - 00:32:18 ---A- . (...) -- C:\WINDOWS\wmsetup.log [790]
O44 - LFC:[MD5.ADC57965DD15232989B3CDF054ADF01E] - 29/01/2014 - 00:32:37 ---A- . (...) -- C:\WINDOWS\updspapi.log [1936]
O44 - LFC:[MD5.57C02F0BDE9469CDD9265B9FCBD4B857] - 29/01/2014 - 00:32:38 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.F320995398AB2C50F7D27603D57BE998] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [43115]
O44 - LFC:[MD5.69A2FA98FF267692E05E5A7A5A67E1AA] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\comsetup.log [14178]
O44 - LFC:[MD5.EA8B98CC64958A2AF72C457A4E20E3D3] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\iis6.log [47114]
O44 - LFC:[MD5.FEAE51E6E78058CC287A2020439306D3] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.78B6D3E6A56A0D50C01B4C48200D9828] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\msgsocm.log [2163]
O44 - LFC:[MD5.548E3833BA07FBF524A1AA2EF6944A48] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\msmqinst.log [13172]
O44 - LFC:[MD5.B8ADEE7E5462DBA442CF1A6F5FD381C0] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\netfxocm.log [7581]
O44 - LFC:[MD5.17E8542108E1E3BE7C836E1E4EBB9D2E] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [8701]
O44 - LFC:[MD5.45964178647FFE929E5A16243C27DAA6] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\ocgen.log [20692]
O44 - LFC:[MD5.DDCE0910015198AD493C7071144BA60F] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\ocmsn.log [2394]
O44 - LFC:[MD5.D5639681281C81D068E16F15242EECF7] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\plusoc.log [4823]
O44 - LFC:[MD5.1F1FA0E7C7C7C757E9A9E69D0DDA13FF] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\tabletoc.log [2177]
O44 - LFC:[MD5.898F0F8EE883A50CF955A934046F349C] - 29/01/2014 - 00:32:45 ---A- . (...) -- C:\WINDOWS\tsoc.log [19748]
O44 - LFC:[MD5.55682F1BFD7B9A050D9A1997C6A9D3C4] - 29/01/2014 - 00:32:46 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [3010]
O44 - LFC:[MD5.8CA18BBA4B6DBB1EA8A3FA67E633A156] - 29/01/2014 - 00:32:46 ---A- . (...) -- C:\WINDOWS\ehOCGen.log [2366]
O44 - LFC:[MD5.420CAF9095309D7DEB8E3A19A850A917] - 29/01/2014 - 00:34:14 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [1492]
O44 - LFC:[MD5.D5E6448859774F2EA72B295B2604F82F] - 29/01/2014 - 09:01:32 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.BD53ABF5FAEBEDC2B7E714DF71BB0925] - 29/01/2014 - 09:01:33 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 74 Legitimates Filtered in 00mn 15s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe" [Enabled] .(...) -- C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" [Enabled] .(...) -- C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Age of Empires III\age3.EXE" [Enabled] .(...) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dmwu.exe" [Enabled] .(...) -- C:\WINDOWS\system32\dmwu.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.524\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.524\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Games\Diablo.III.Collectors.Edition\Diablo III.exe" [Enabled] .(...) -- C:\Program Files\Games\Diablo.III.Collectors.Edition\Diablo III.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" [Enabled] .(...) -- C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2006\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2006\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O47 - AAKE:Key Export SP - "C:\Program Files\TornTV.com\TornTV Downloader.exe" [Enabled] .(...) -- C:\Program Files\TornTV.com\TornTV Downloader.exe (.not file.) =>Hijacker.TornTV
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\expressdl.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\ExpressFiles.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O47 - AAKE:Key Export DP - "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe" [Enabled] .(...) -- C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe (.not file.)
~ Keys Export: 50 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2811a45d-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- J:\CDCheck.exe (.not file.)
O51 - MPSK:{2811a461-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- K:\autorun.exe (.not file.)
O51 - MPSK:{2811a463-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- L:\CDCheck.exe (.not file.)
O51 - MPSK:{2811a46b-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- M:\autorun.exe (.not file.)
O51 - MPSK:{2811a472-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- N:\autorun.exe (.not file.)
O51 - MPSK:{2811a48c-8e63-11e2-bcda-00038a000015}\AutoRun\command. (...) -- Q:\MafiaLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O53 - SMSR:HKLM\...\startupreg\FrameFox Extensions [Key] . (...) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe (.not file.) =>PUP.FrameFox
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O53 - SMSR:HKLM\...\startupreg\Torntv Downloader [Key] . (...) -- C:\Program Files\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Documents and Settings\RASOR\Application Data\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 09/01/2014 - 18:08:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 09/01/2014 - 18:08:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 10/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.D7FCADA6833A0E243CA89C03BD559BD9] - 12/05/2005 - 14:39:56 ---A- . (.C-Media Inc. - C-Media Audio WDM Driver.) -- C:\WINDOWS\system32\Drivers\cmudax.sys [1287296]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 08:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.160B24FD894E79E71C983EA403A6E6E7] - 17/03/2004 - 15:10:40 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [113664]
O58 - SDL:[MD5.B72E763EB92B8DBE45C455BA6E4BABD0] - 06/03/2007 - 17:50:30 ---A- . (...) -- C:\WINDOWS\system32\Drivers\Lvckap.sys [1669664]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/04/2008 - 10:23:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/04/2008 - 10:23:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/04/2008 - 08:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/04/2008 - 10:23:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 10/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/04/2008 - 10:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/04/2008 - 10:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/04/2008 - 10:23:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/04/2008 - 10:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/04/2008 - 10:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 10/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.B8F745105DB057CB32DE5D1152D47975] - 13/06/2005 - 10:50:38 ---A- . (.X10 Wireless Technology, Inc. - X10 HID Control Interface.) -- C:\WINDOWS\system32\Drivers\x10hid.sys [7040]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 10/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 7 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/08/2013 - C:\Program Files\WinZipper\winzipersvc.exe (winzipersvc) .(.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - LEGACY_WINZIPERSVC
~ Legacy: 145 Legitimates Filtered in 00mn 01s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [RASOR - 0] user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyCtCyByD0Czy0AzytA0C[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - 0] user_pref("browser.search.selectedEngine", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - 0] user_pref("browser.search.defaultenginename", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - extensions] user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyCtCyByD0Czy0AzytA0C[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - extensions] user_pref("browser.search.selectedEngine", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - extensions] user_pref("browser.search.defaultenginename", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [RASOR - oi9effd1.default] user_pref("extensions.crossrider.bic", "143ce8839771a031e8be1317f08e87d8"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6E5E71DE-C30D-4C06-FB4F-6AE65DBC697A} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {F0091187-00CD-4A7A-822B-1D64E628B3B2} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} - (BasicServe) - http://www.basicserve.com =>Adware.BasicScan
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} - (BasicServe) - http://www.basicserve.com =>Adware.BasicScan
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7F9B295FDF0ED9FB4B94E08F201CDE6B] [SPRF][28/12/2012] (...) -- C:\Documents and Settings\RASOR\Local Settings\Application Data\fusioncache.dat [128]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\586d9dae738eb48\2.6.1519.190\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\2.6.1694.246\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\2.7.1769.27\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\2.7.1832.68\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:version="2.7.1769.27" =>Hijacker.Eazel
[HKCU\Software\586d9dae738eb48]:version="2.7.1832.68" =>Hijacker.Eazel
[HKLM\Software\586d9dae738eb48]:version="2.7.1832.68" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B404E030216F6500B94E71A87FD53703] [WIS][24/01/2014] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\653910d.msi [1610240]
~ WIS: 77 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/02/2010 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 26/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 06/03/2007 105248 | (LVSrvLauncher) . (.Labtec Inc..) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Fichiers communs\Steam\SteamService.exe

SR - | Auto 11/02/2010 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 09/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/12/2005 176128 | (ELService) . (.Intel Corporation.) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
SR - | Auto 12/10/2005 86140 | (IAANTMon) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
SR - | Auto 26/01/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 22/08/2013 424104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe

~ Services: Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 108
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 40
Fichiers trouvés (Files found) : 22

[HKLM\Software\Google\Chrome\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim] =>Hijacker.TornTV^
[HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\mbcjjdjanpccmehilicphhmeobiljcpk] =>Adware.Downware^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\FrameFox Extensions] =>PUP.FrameFox^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] =>PUP.Mobogenie^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Torntv Downloader] =>Hijacker.TornTV^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.µTorrent^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Cl
0
Marou81 Messages posted 4472 Status Member 199

Good evening,

Redo everything that is asked, and don't install anything else during the disinfection.

Use this disinfection tool, which is specific to adware:

▶ Download AdwCleaner (by Xplode) to your Desktop.
▶ Run it, click Clean, then wait for the scan to finish.
▶ Once the cleaning is finished, a prevention message will be displayed; I advise you to read it carefully (don't hesitate to ask me questions if there are things in that message you didn't understand).
▶ Then the report will open: post it in your next reply.

Then download Junkware Removal Tool. Follow this tutorial and post me the report:
https://forum.security-x.fr/tutoriels-317/tutoriel-junkware-removal-tool

Use this general-purpose disinfection tool:

▶ Download and install Malwarebytes' Anti-Malware
▶ At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. However, it is not necessary to activate the free trial of the protection.
▶ Launch MBAM and let the updates download (otherwise do them manually when the program starts)
▶ Then go to the "Scanner" tab, check "Perform quick scan", then "Scan"
▶ At the end of the scan, click Show Results
▶ Check all detected items, then click Remove Selected
▶ If you are asked to restart the computer, accept.
▶ Post the report that appears after the removal in your next reply.

Reconfigure your web browsers:

▶ Internet Explorer and add-ons / search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
▶ Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
▶ Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=

See you,
0