by soniatsen
#71361
Hello,
Several problems are bothering me that surely have to do with the PC being infected:
1) When I log on to a session, a window tells me "cannot run a 16-bit Windows program: insufficient available memory for this application" (even though I'm not asking for anything!). I think it has been like this since Cyber Patrol colonized my computer.
2) I would like to ERADICATE Cyber Patrol and mysearchdial from my computer.
I have tried different ways using the documentation I found on the "comment ça marche" site, but nothing works.
I have never asked for personalized help on another site.
I have the AdwCleaner, Malwarebytes and ZHPDiag reports, which I am sending you.
(For AdwCleaner I got a window telling me "limited access due to the presence of Cyber Patrol".)

AdwCleaner report
# AdwCleaner v3.017 - Report created 26/01/2014 at 13:34:55
# Updated 12/01/2014 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : l'autre - C-210574CA3F824
# Running from : C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\95B9BKY2\adwcleaner[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [37132 bytes] - [08/10/2013 10:45:09]
AdwCleaner[R1].txt - [3906 bytes] - [08/10/2013 12:01:51]
AdwCleaner[R2].txt - [948 bytes] - [24/10/2013 09:40:20]
AdwCleaner[R3].txt - [3522 bytes] - [03/12/2013 15:31:46]
AdwCleaner[R4].txt - [1484 bytes] - [21/12/2013 16:23:14]
AdwCleaner[R5].txt - [1243 bytes] - [22/12/2013 09:46:49]
AdwCleaner[R6].txt - [1626 bytes] - [24/01/2014 08:21:06]
AdwCleaner[R7].txt - [1535 bytes] - [26/01/2014 13:20:36]
AdwCleaner[S0].txt - [35867 bytes] - [08/10/2013 11:06:56]
AdwCleaner[S1].txt - [3903 bytes] - [08/10/2013 12:03:51]
AdwCleaner[S2].txt - [3439 bytes] - [03/12/2013 15:45:53]
AdwCleaner[S3].txt - [1548 bytes] - [21/12/2013 16:46:11]
AdwCleaner[S4].txt - [1305 bytes] - [22/12/2013 10:24:02]
AdwCleaner[S5].txt - [1693 bytes] - [24/01/2014 08:23:19]
AdwCleaner[S6].txt - [1456 bytes] - [26/01/2014 13:34:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1516 bytes] ##########
Malwarebytes report
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.01.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
[administrator]

24/01/2014 09:39:27
mbam-log-2014-01-24 (09-39-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 310358
Time elapsed: 43 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ZHPDiag report
~ ZHPDiag v2014.1.17.19 report - Nicolas Coolman (17/01/2014)
~ Run by l'autre (24/01/2014 10:50:00)
~ Web site address http://nicolascoolman.webs.com
~ Free disinfection assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702 (Default)
GCIE: Google Chrome

---\\ Windows product information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Trusteer Sécurité des points d'accès v3.5.1304.15
Malwarebytes Anti-Malware version 1.75.0.1300
Norton AntiVirus v21.1.0.18
ESET Online Scanner v3

---\\ System optimization software
CCleaner v3.23 =>Piriform Ltd

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ System information
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2302 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 33 GB (44%) free of 74 GB

---\\ System logon mode
~ Computer Name:
~ User Name: l'autre
~ All Users Names: timothée, SUPPORT_388945a0, l'autre, HelpAssistant, cécile, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\l'autre\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\l'autre\Application Data\
~ %Desktop% : C:\Documents and Settings\l'autre\Bureau\
~ %Favorites% : C:\Documents and Settings\l'autre\Favoris\
~ %LocalAppData% : C:\Documents and Settings\l'autre\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\l'autre\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 33 Go of 74 Go)
D: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.897CA9DA6F568E24549719D5676385A1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 08:57:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/21
~ My Music : 2/10
~ My Videos : 0/54
~ My Favorites : 1/3447
~ My Documents : 3/2247
~ My Desktop : 1/2754
~ Start Menu (Programs) : 1/129
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.68CCF9573DF16BCE2236E07C430E607D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [360448] [PID.1000]
[MD5.D11162F92258E1F09CFB4054941F2E24] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.1228]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.332]
[MD5.E076BAE968916E9D2980814CA7E7AB8C] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1786704] [PID.1196]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.1204]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe [213384] [PID.1272]
[MD5.4BA84C832E0741A294C4444556DFE993] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928] [PID.924]
[MD5.AC91A8C861299897DAA5F2D48A83DF89] - (.Symantec Corporation - Norton AntiVirus.) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288] [PID.1972]
[MD5.3E3A97C7C7E79DF8F08F22F0666D9E03] - (.Symantec Corporation - Norton Identity Safe.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424] [PID.2040]
[MD5.89525CC2DBAD44F7199B9CC188B3F9C5] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.452]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.4040]
[MD5.F530202CBFCD03173973FD08B5E90883] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe [2480408] [PID.2756]
[MD5.3146161FDD10943C81E49ACF3E2ACBE9] - (.Microsoft Corporation - NTVDM.EXE.) -- C:\WINDOWS\system32\ntvdm.exe [421888] [PID.3928]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\rundll32.exe [0] [PID.2512]
[MD5.CA8D92758501F9BF7726711A87A539C2] - (...) -- C:\WINDOWS\TSNTX.exe [19456] [PID.2628]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3744]
[MD5.E98D0D64BD25EDCFD3AE0B90514099BA] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.3612]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.976]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.3844]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Start page, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F3 - REG:win.ini: load=c:\patrol\cp.exe ic.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Identity Safe Toolbar - [HKLM]{A13C2648-91D4-4bf3-BC6D-0079707C4389} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{34EA1C70-42CC-42C5-AA29-EC58B95A343E} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0FC85F5D-6207-4515-A490-45A549D285C0} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Program [AllUsers]: SWiSH Max2.lnk . (.SWiSHzone.com Pty Ltd - SWiSH Max2 Application.) -- C:\Program Files\SWiSH Max2\SwishMax2.exe
O4 - GS\Program [timothée]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [l'autre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [l'autre]: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
O4 - GS\Program [cécile]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 28 Legitimates Filtered in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - GS\Program [timothée]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - GS\Program [timothée]: Uninstall LastPass RunOnce.lnk . (...) -- C:\Program Files\Fichiers communs\lpuninstall.exe (.not file.)
O4 - GS\Program [cécile]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Orphan key
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} . (...) -- C:\deskotp\minecraft\IE_Toolbar.ico"
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Program Files\Messenger\msmsgs.exe (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Hijack of the 'Reset Web Settings' option (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://freebox.free.fr/
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100330133817
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} ((no name)) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ((no name)) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} ((no name)) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} ((no name)) - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} ((no name)) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} ((no name)) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175964905828
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} ((no name)) - http://www3.snapfish.fr/SnapfishActivia2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_0_3.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} ((no name)) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} ((no name)) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} ((no name)) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
~ ActiveX objects: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C515C7-B64F-467A-9261-8162EFAE3690}: DhcpNameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{693F11B7-66AA-46EC-B8D7-18ED0E0CCD42}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB463B1A-9B41-4758-A5C2-E1F5C1C22A5C}: DhcpNameServer = 212.27.54.252 212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{61C515C7-B64F-467A-9261-8162EFAE3690}: DhcpNameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{AB463B1A-9B41-4758-A5C2-E1F5C1C22A5C}: DhcpNameServer = 212.27.54.252 212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{B3943116-9502-4660-93F2-97717C6F04ED}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{61C515C7-B64F-467A-9261-8162EFAE3690}: DhcpNameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{693F11B7-66AA-46EC-B8D7-18ED0E0CCD42}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{AB463B1A-9B41-4758-A5C2-E1F5C1C22A5C}: DhcpNameServer = 212.27.54.252 212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{61C515C7-B64F-467A-9261-8162EFAE3690}: DhcpNameServer = 212.27.53.252 212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{693F11B7-66AA-46EC-B8D7-18ED0E0CCD42}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{AB463B1A-9B41-4758-A5C2-E1F5C1C22A5C}: DhcpNameServer = 212.27.54.252 212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Additional protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\l'autre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\l'autre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Scheduled tasks in automatic mode (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [430]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe (.not file.) [0] =>Adware.MyWebSearch
~ Scheduled Task: 60 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (BHDrvx86) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\BHDrvx86.sys (.not file.)
O41 - Driver: (ccHP) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\ccHPx86.sys (.not file.)
O41 - Driver: (IDSxpx86) . (. - .) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090206.001\IDSxpx86.sys (.not file.)
O41 - Driver: (SRTSP) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SRTSP.sys (.not file.)
O41 - Driver: (SRTSPX) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SRTSPX.sys (.not file.)
O41 - Driver: (SYMTDI) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SYMTDI.sys (.not file.)
~ Drivers: 123 Legitimates Filtered in 00mn 01s



---\\ Installed software (O42)
O42 - Software: FreebieSMS - (.Open Merchant Account Ltd.) [HKLM] -- {7E70ED5B-DA34-428E-8D51-9BF79D197B81}
O42 - Software: Playviz - (.Previznet.) [HKCU] -- Playviz
~ Logic: 40 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Radio_Bar_1]
[HKCU\Software\RegistryEasy]
[HKCU\Software\myBabylon] =>PUP.Babylon
[HKCU\Software\Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“ Æ’EÆ’BÆ’U[Æ’h‚à…¶¬‚³‚ꂽƒ[Æ’Jƒ‹ Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“]
[HKLM\Software\CBL]
[HKLM\Software\DK Multimedia]
~ Key Software: 437 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 13/05/2007 - 20:00:57 - [16,317] ----D C:\Program Files\Audio
O43 - CFD: 06/10/2010 - 07:28:10 - [9,372] ----D C:\Program Files\b4673df865f8ee48b339843151
O43 - CFD: 09/08/2009 - 22:19:53 - [6,094] ----D C:\Program Files\fa77c8bd311607e61f8bd9
O43 - CFD: 14/10/2013 - 03:47:47 - [14,487] ----D C:\Program Files\NoAdware5.0 =>Rogue.NoAdware
O43 - CFD: 04/05/2011 - 12:34:10 - [2,598] ----D C:\Program Files\Perfection
O43 - CFD: 01/03/2008 - 10:59:41 - [43,402] ----D C:\Program Files\ViaVoice
O43 - CFD: 06/03/2007 - 16:58:53 - [0] ----D C:\Program Files\Zanag
O43 - CFD: 09/10/2013 - 07:53:09 - [0,004] ----D C:\Documents and Settings\All Users\Application Data\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B
O43 - CFD: 13/11/2013 - 21:26:05 - [0,002] ----D C:\Documents and Settings\All Users\Application Data\NCOTEMP
O43 - CFD: 27/08/2009 - 05:39:42 - [25,083] ----D C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
O43 - CFD: 20/01/2014 - 11:18:03 - [30,281] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 29/08/2008 - 10:46:03 - [33,915] ----D C:\Documents and Settings\l'autre\Local Settings\Application Data\Installer5532
O43 - CFD: 29/08/2008 - 11:08:59 - [30,447] ----D C:\Documents and Settings\l'autre\Local Settings\Application Data\Installer5808
~ Program Folder: 309 Legitimates Filtered in 00mn 08s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.11792102D2FA64E0B919482C074D2006] - 13/01/2014 - 12:26:09 ---A- . (...) -- C:\WINDOWS\imsins.BAK [4566]
O44 - LFC:[MD5.124E8A82F02C2BAA87729B3CD36DDA7C] - 14/01/2014 - 10:12:44 ---A- . (...) -- C:\WINDOWS\ie7_main.log [1118]
O44 - LFC:[MD5.8C443BC9EAA7C022528D27BA7C7C1E70] - 15/01/2014 - 21:39:38 ---A- . (...) -- C:\WINDOWS\msmqinst.log [55310]
O44 - LFC:[MD5.B89E303DD7E93271AD068831FA0A8D10] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [189837]
O44 - LFC:[MD5.9F22EE9D6F99C0A3713F1783E8E68750] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [11407]
O44 - LFC:[MD5.F1AD74DAB21604F9F6A50A8EC3513F6F] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\msgsocm.log [8143]
O44 - LFC:[MD5.F9741E94F2E5E467CA19FC396736C914] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\netfxocm.log [28153]
O44 - LFC:[MD5.4254820E16824C5DE12499B963263167] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\ocgen.log [85322]
O44 - LFC:[MD5.23C4DC4F1DA2FEC6AEA06CFB7395D1E7] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\comsetup.log [53775]
O44 - LFC:[MD5.FC25235A4AA14FB03B72E58441ED6D13] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\iis6.log [207169]
O44 - LFC:[MD5.D3EDFB0C92849C8216D43E6CD558384D] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.1B8F0ED35BEA5834C93ECF1226F48FCD] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [33523]
O44 - LFC:[MD5.5A2A64597600DEEEACBAF968E0DA3C1F] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\ocmsn.log [9093]
O44 - LFC:[MD5.DB6BDF39AEE798198656A48867F13785] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\tabletoc.log [7775]
O44 - LFC:[MD5.C89A5E12B39F53CA2C2427EEE272ECD9] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\tsoc.log [75845]
O44 - LFC:[MD5.091437F81E299697D1B99D72B5AAC374] - 16/01/2014 - 08:55:01 ---A- . (...) -- C:\WINDOWS\wmsetup.log [35032]
O44 - LFC:[MD5.10D00C91382E7B543B3F6106A89131CF] - 16/01/2014 - 12:59:32 ---A- . (...) -- C:\WINDOWS\RESULT.QTW [30]
O44 - LFC:[MD5.90C802AF2E57349CA97A71FDE99C9B36] - 16/01/2014 - 13:00:21 ---A- . (...) -- C:\WINDOWS\QT$INST$.~32 [832]
O44 - LFC:[MD5.CB492B7DF9B5C170D7C87527940EFF3B] - 16/01/2014 - 13:01:20 ---A- . (...) -- C:\WINDOWS\!ic.exe [4]
O44 - LFC:[MD5.F7F5A13AE44CA0AE939F070847257B2C] - 16/01/2014 - 13:01:20 ---A- . (...) -- C:\WINDOWS\icp.log [2744]
O44 - LFC:[MD5.96969B54888D044B7F1FAE11A8739D5B] - 16/01/2014 - 13:01:20 RSHA- . (...) -- C:\WINDOWS\ic.exe [78336]
O44 - LFC:[MD5.BA84EB7B65FD8400E3ADFB9749F74443] - 16/01/2014 - 13:01:20 RSHA- . (...) -- C:\WINDOWS\icfire.exe [81408]
O44 - LFC:[MD5.67384288CFF620EEF69A227EA91C332D] - 16/01/2014 - 13:01:21 ---A- . (...) -- C:\WINDOWS\nt16.dll [4238]
O44 - LFC:[MD5.53D3A2EDC4785745E55FAA0D1D7743D4] - 16/01/2014 - 13:01:21 ---A- . (...) -- C:\WINDOWS\tsnt.dll [49152]
O44 - LFC:[MD5.CA8D92758501F9BF7726711A87A539C2] - 16/01/2014 - 13:01:21 ---A- . (...) -- C:\WINDOWS\tsntx.exe [19456]
O44 - LFC:[MD5.943B40385C9D67AC0ECC70A5089663C0] - 16/01/2014 - 13:01:21 ---A- . (...) -- C:\WINDOWS\unwise.dll [30304]
O44 - LFC:[MD5.720C9C68CCB5A718756FCFC158C82C55] - 16/01/2014 - 13:01:21 ---A- . (.Softel vdm - Softel vdm SftTabs Custom Control.) -- C:\WINDOWS\sfttb.dll [235584]
O44 - LFC:[MD5.84A0D7D98E3D33B35FED032C473EA6A3] - 16/01/2014 - 13:01:21 RSHA- . (...) -- C:\WINDOWS\ts.dll [11618]
O44 - LFC:[MD5.6349F707B3F90766FFAA0C233E35848A] - 16/01/2014 - 13:01:35 ---A- . (...) -- C:\WINDOWS\USAGE.LOG [2022]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 20/01/2014 - 10:50:31 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.602BFC259E52760206F1395CBE4C7E42] - 20/01/2014 - 12:25:28 ---A- . (...) -- C:\WINDOWS\win.ini [662]
O44 - LFC:[MD5.CD18E303B47E126EAACDEFAD26B006B2] - 24/01/2014 - 08:37:36 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\WINDOWS\isRS-000.tmp [712264]
O44 - LFC:[MD5.92982324F185544D97D4188C0231E8BB] - 24/01/2014 - 09:26:26 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FE8FE5DA109E806885B60FCA95D31867] - 24/01/2014 - 09:28:10 ---A- . (...) -- C:\WINDOWS\wiadebug.log [300]
~ Files: 54 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.FB05C6B93D4099760D07D837F2D3DF66] - 24/01/2014 - 09:27:02 ---A- - C:\WINDOWS\Prefetch\NST.EXE-0B59D0BF.pf
O45 - LFCP:[MD5.A9C973AE605021ABDE2EC12EC4EB0C07] - 24/01/2014 - 09:27:03 ---A- - C:\WINDOWS\Prefetch\NAV.EXE-262BF0C0.pf
O45 - LFCP:[MD5.1E355ED07580798E71FB3D2C2B16194F] - 24/01/2014 - 09:27:03 ---A- - C:\WINDOWS\Prefetch\NST.EXE-0B59D0BE.pf
O45 - LFCP:[MD5.1BD0B984B063CE9755EAB63964DB480C] - 24/01/2014 - 09:27:04 ---A- - C:\WINDOWS\Prefetch\NAV.EXE-262BF0BF.pf
O45 - LFCP:[MD5.339CF02FD5C3065B7F928509C9676290] - 24/01/2014 - 09:28:16 ---A- - C:\WINDOWS\Prefetch\IS-M6371.EXE-2BF1A4FC.pf
O45 - LFCP:[MD5.0E873360FAFF8D393706F12B033D7EEA] - 24/01/2014 - 09:28:52 ---A- - C:\WINDOWS\Prefetch\TSNTX.EXE-27FFAF17.pf
~ Prefetcher: 75 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe (.not file.) =>Adware.Facemoods
O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Clé orpheline
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [Disabled] .(...) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\DNA\btdna.exe" [Disabled] .(...) -- C:\Program Files\DNA\btdna.exe (.not file.)
~ Keys Export: 39 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Updater12747.exe [Key] . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Updater12747\Updater12747.exe (.not file.) =>PUP.CrossRider
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=
~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.3CAB16755639FA012D3E6BFE7AE005CD] - 11/12/2002 - 14:25:16 R--A- . (.FreeBox SA - USB to NDIS Miniport Driver.) -- C:\WINDOWS\system32\Drivers\fbxusb.sys [18953]
O58 - SDL:[MD5.504E93682655A7B3AF1FB5BFF3F44322] - 20/10/2004 - 13:23:34 ---A- . (.FreeBox SA - Carte réseau virtuelle FreeBox USB.) -- C:\WINDOWS\system32\Drivers\fbxusb32.sys [21344]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 17:36:05 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 03/08/2004 - 21:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 03/08/2004 - 21:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.0057F29323C393A35903B4C5DAF9A144] - 09/05/2007 - 14:16:40 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\WINDOWS\system32\Drivers\sncduvc.sys [28160]
O58 - SDL:[MD5.0A0E0A9F9C658FDE4CCCCC39928B0CF9] - 16/05/2007 - 12:02:54 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\WINDOWS\system32\Drivers\snp2uvc.sys [9602944]
O58 - SDL:[MD5.698ECD717FFA57FFE0B20D07BA4BD8E3] - 18/03/2006 - 06:23:46 R--A- . (.VM - Video streaming and Capture Device Driver.) -- C:\WINDOWS\system32\Drivers\usbVM31b.sys [194933]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 21/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\06.04.2014 vacanciel.url [475]
O61 - LFC: 21/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\BIBOLE\Bibliothèques de prêt de la Ville de Paris - Portail général.url [544]
O61 - LFC: 21/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\e-cigarette\4.90€ clearomizer CE4 vapo club.url [318]
O61 - LFC: 21/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\e-cigarette\COMPOSITION DU KITCigarette electronique eGo C.url [1099]
O61 - LFC: 21/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\Liens\Portail Free.url [367]
O61 - LFC: 21/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\Used B&H Photo.url [457]
O61 - LFC: 21/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\MOT DE PASSE.wps.lnk [575]
O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\IMPORTANT PAGE ACCUEIL - SosVirus.url [1728]
O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\IMPORTANT mysearch dial search [Résolu].url [358] =>Adware.MyWebSearch
O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\SOS Virus - suspicion d'infection.url [929]
O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\IMPORTANT PAGE D'ACCUIEUL SosVirus - SosVirus.url [1728]
O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\chants revolutionnaires\IPORTANT PADE ACCUEIL - SosVirus.url [1728]
O61 - LFC: 23/01/2014 - 10:50:46 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\ZQHCRNNL\VSStatCookie[10].xml [186]
O61 - LFC: 23/01/2014 - 10:50:46 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\ZQHCRNNL\VSStatCookie[7].xml [186]
O61 - LFC: 23/01/2014 - 10:50:46 -SHA- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\index.dat [49152]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\Programme TV.url [1475]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\RBC assurances.com-voyages-pdf-baggages-effets-personnels_f.pdf.url [226]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\RECETTE VIETNAMIENNE\Omelette vietnamienne à la vapeur.url [7346]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\RECETTE VIETNAMIENNE\Sauce nuoc mam préparée (à la fin de la recette).url [7918]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\RECETTE VIETNAMIENNE\legumes aigre-doux.url [7139]
O61 - LFC: 23/01/2014 - 10:50:59 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\Soumission d'assurance voyage – RBC Assurances.url [468]
O61 - LFC: 23/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\dans le ventre de l'ordi.htm.lnk [580]
O61 - LFC: 24/01/2014 - 10:50:45 -SHA- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Credentials\S-1-5-21-448539723-879983540-682003330-1004\Credentials [372]
O61 - LFC: 24/01/2014 - 10:50:48 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\ZHP\Log.txt [113997] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:50:48 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\ZHP\TestsZHPDiag.txt [3313] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:50:48 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\ZHP\ZHPDiag.txt [265448] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:50:49 ---A- . (...) -- C:\Documents and Settings\l'autre\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:50:49 ---A- . (...) -- C:\Documents and Settings\l'autre\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\SOS Virus - SosVirus.url [1132]
O61 - LFC: 24/01/2014 - 10:51:00 -SHA- . (...) -- C:\Documents and Settings\l'autre\IETldCache\index.dat [262144]
O61 - LFC: 24/01/2014 - 10:51:10 -SHA- . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-448539723-879983540-682003330-1004\Credentials [378]
O61 - LFC: 24/01/2014 - 10:51:11 ---A- . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [18178]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\AdwCleaner.lnk [395]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\AdwCleaner[S5].txt.lnk [574]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\Logs.lnk [1011]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\Mes images.lnk [447]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\ZHPDiag.txt.lnk [477] =>.Nicolas Coolman
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\mbam-log-2014-01-24 (08-39-44).txt.lnk [1450]
O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\mysearchdial.bmp.lnk [608] =>Adware.MyWebSearch
O61 - LFC: 24/01/2014 - 10:51:18 -SHA- . (...) -- C:\Documents and Settings\l'autre\PrivacIE\index.dat [16187392]
~ 30 Fichiers temporaires (Temporary files)
~ 1196 Fichiers cookies (Cookies files)
~ Files: 565 Legitimates Filtered in 00mn 34s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTL - (.OldTimer.)
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/09/2013 - C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.sys (SymIRON) .(.Symantec Corporation - Iron Driver.) - LEGACY_SYMIRON
~ Legacy: 216 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {A3867493-3030-4088-813F-6FB2EC7FF2F8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {F1541CE4-713E-4095-A42E-3653B97C737B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {F1541CE4-713E-4095-A42E-3653B97C737B} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E26BE6FA3834472ED98AD6865946A537] [SPRF][23/10/2008] (...) -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [32]
[MD5.7242492EF826B11C5F3371F7FD17751F] [SPRF][26/01/2007] (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\fusioncache.dat [130]
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][18/02/2007] (...) -- C:\Documents and Settings\l'autre\Application Data\ezpinst.exe [87608]
[MD5.693E44D7B4F5FD5532DD2B47731C5F90] [SPRF][21/12/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\adwcleaner-3.015.exe [1226802]
[MD5.4EB4BA2221FBE6C7AB923A6F48766832] [SPRF][26/05/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\ccleaner 26.05.2013.reg [62888] =>Piriform Ltd
[MD5.6ECCCC287B0D0521D0CC198223951088] [SPRF][02/09/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\CCleaner 02.09.2013.reg [36668] =>Piriform Ltd
[MD5.A5C9B50CC6FE42441135D05F2A3A1603] [SPRF][25/07/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\ccleaner 2- 25.07.2012.reg [172] =>Piriform Ltd
[MD5.08EEFD4A952A58F1CE2D2400C4F07D5E] [SPRF][25/07/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\ccleaner 25.07.2012.reg [43456] =>Piriform Ltd
[MD5.C3AB33FFBAC22763C385C42F9E2F363C] [SPRF][26/08/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\ccleaner 25.08.2013.reg [104572] =>Piriform Ltd
[MD5.E267225347A4DFA7CF7EBE079861C01B] [SPRF][19/10/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\cc_20121019_124449 19.10.2012.reg [24932]
[MD5.356E99951B401AB5874AAD61804154F8] [SPRF][09/03/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\cc_20130309_152442.reg 09.03.2013.reg [62376]
[MD5.87CDB758078494951E427364C8A2B43E] [SPRF][09/03/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\cc_20130309_152544.1.reg 09.03.2013.reg [1224]
[MD5.962BA07194CAB36D0AA00C1B395178C3] [SPRF][09/03/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\cc_20130309_152832.reg.2.09.03.2013.reg [518]
[MD5.1685E9B41C2434B3BDED3C2D48EEAF90] [SPRF][08/06/2012] (.Blitware Technology Inc. - File Helper.) -- C:\Documents and Settings\l'autre\Bureau\filehelper_setup_ai.exe [7946320]
[MD5.A56288C66377FB2A086B19809668E530] [SPRF][18/05/2012] (.Pas de propriétaire - FreeMind Setup.) -- C:\Documents and Settings\l'autre\Bureau\FreeMind-Windows-Installer-0.9.0-max.exe [13655880]
[MD5.400426483D53C7573A784D5B85489F60] [SPRF][16/01/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\sauvetage ccleaner.reg [113390] =>Piriform Ltd
[MD5.5B5E78F9E020A73CE1822347B2E6CCAC] [SPRF][16/01/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\sauvetage ccleaner.reg 2.reg [1954] =>Piriform Ltd
[MD5.B52D1E24709F55126502A083AE2FEF7B] [SPRF][16/01/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\sauvetage ccleaner.reg 3.reg [3420] =>Piriform Ltd
[MD5.DA960308757623730C4995BE874FACE2] [SPRF][16/01/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\sauvetage ccleaner.reg 4.reg [910] =>Piriform Ltd
[MD5.032B4DE7EB0D4BA434532A2F92ED4EF3] [SPRF][09/04/2012] (...) -- C:\Documents and Settings\l'autre\Bureau\sauvetage ccleaner.reg 5.reg 09.04.2012.reg [31730] =>Piriform Ltd
~ Files: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BAD8975D9543D21A8ED90BA6051071AC] [WIS][13/12/2013] (.Trusteer - Rapport.) -- C:\Windows\Installer\3c8b3.msi [2340864]
[MD5.371A9E131FF8B09865DC52407A53E624] [WIS][06/05/2007] (.Open Merchant Account Ltd - FreebieSMS.) -- C:\Windows\Installer\5b34d.msi [129536]
[MD5.32EDF0F691E5CAA09E39F6EA0580CF2F] [WIS][28/12/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\b1f734.msi [24576] =>Adware.Boxore
~ WIS: 94 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 01/04/2007 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Auto 29/03/2005 516096 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 18/08/2005 7168 | (EverestDriver) . (...) - C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
SS - | Demand 26/08/2008 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 10/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/03/2009 183280 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 10/07/1658 0 | (PCDSRVC{E9D79540-57D5953E-06020101}_0) . (...) - c:\program files\dell support center\pcdsrvc.pkms
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 29/03/2005 360448 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 08/09/2013 1786704 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 05/12/2012 143928 | (MCLIENT) . (.Symantec Corporation.) - C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
SR - | Auto 08/10/2013 262288 | (NAV) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
SR - | Auto 06/10/2013 129424 | (NCO) . (.Symantec Corporation.) - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
SR - | Auto 25/10/2013 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 06/03/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

~ Services: Scanned in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by l'autre at 24/01/2014 10:51:57

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Updater12747.exe] =>PUP.CrossRider^
[HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKCU\Software\Radio_Bar_1] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111271147}] =>PUP.CrossRider
C:\Program Files\NoAdware5.0 =>Rogue.NoAdware^
C:\Program Files\vGrabber-software =>PUP.vGrabber
C:\Documents and Settings\l'autre\Local Settings\Application Data\Software =>Adware.Boxore
[HKCU\Software\myBabylon] =>PUP.Babylon^
C:\Windows\Installer\b1f734.msi =>Adware.Boxore^
~ Additionnel Scan: 303895 Items scanned in 00mn 48s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28291069-rogue-noadware =>Rogue.NoAdware
~ http://nicolascoolman.webs.com/apps/blog/show/26764465-adware-facemoods =>Adware.Facemoods
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/28947219-pup-speedmaxpc =>PUP.SpeedMaxPc
~ http://nicolascoolman.webs.com/apps/blog/show/27328365-trojan-usyndication =>Trojan.USyndication
~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
~ MSI: 10 link(s) detected in 00mn 48s



~ 2165 Legitimates filtered by white list
End of the scan (678 lines in 02mn 46s)(0)
There is also one odd thing in the ZHPDiag report: it says
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome
whereas I have IE 5 and I don't have Google Chrome

On top of all that, obviously, what pushed me to contact SOS Virus is how slow the PC is.

So those are all my troubles; I am sure you will help me sort all of this out.
Thank you in advance.
by HelperBot
#71362
Hello,

Welcome to SosVirus :)

So that a member of the help group (Helper) can assist you as well as possible, please read the following:

  • The disinfection must be followed through to the end, even if your problems have disappeared.
  • The disinfection will be complete when you see: This message (click the link to view it)
  • Helpers are all volunteers and cannot always reply right away.
  • Disinfection tools must be run only from your desktop.
  • If you have opened a topic on another forum, give the link to that topic so that your Helper can already get an idea of the problems.

  • If you have questions about the 'information' above, ask them in your replies :)
Message from the administration:

  • Helpers are entitled to close your topic if they find that your version of Windows is not legitimate.
  • Helpers are entitled to refuse to help you if they find that you are using cracks, keygens or other piracy tools.
Once you have read what is above and replied,
a Helper will take charge of your topic.

Happy disinfection on SosVirus
:)
by kink06
#71363
Hello, and welcome to SoSVirus

I will take charge of your disinfection. You just need to let my instructions guide you, nothing more :)

Let me know once you have read what is above :)
by soniatsen
#71366
:bravo1: and thanks for the quick reply
I have read the forum rules and I agree with them 100%
by kink06
#71367
OK, here we go ;)

1) uninstall =>
ESET Online Scanner v3 and Trusteer Sécurité des points d'accès v3.5.1304.15

then do this =>
  • Download RogueKiller (by Tigzy) to your Desktop.
  • Launch RogueKiller; run it as administrator on Windows 7/8 and Vista

    Note: wait until the PreScan has finished.
  • Click Scan.
  • Once the scan is finished, go to the desktop; the report RKreport[X]¤S¤.txt has been created.
  • Upload the report RKreport[X]¤S¤.txt to SosUpload, then copy/paste the link provided into your next reply on the forum
by soniatsen
#71373
Hello again
I removed the 2 programs and here is the RK report
Code:
RogueKiller V8.8.3 [Jan 24 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : l'autre [Droits d'admin]
Mode : Recherche -- Date : 01/26/2014 16:14:43
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\TSNT.dll [x] -> DECHARGÉE
[SUSP PATH] tsntx.exe -- C:\WINDOWS\tsntx.exe [-] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe - /Check [x] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x899EFBF0)
[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x899EFC88)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x89A12918)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x89A67F90)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x89F1A990)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x899EFA18)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x89A67E60)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x89A5EA70)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x899EF700)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x899EDA20)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x899EE3D8)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x899EFAC0)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x899EFB58)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89DAD390)
[Address] SSDT[108] : unknown @ 0x805B206E -> HOOKED (Unknown @ 0x89A7B760)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x899EF980)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89A5DA80)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x89A129A0)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x899EF850)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x89A3D9F0)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x89A67F08)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x899EFD20)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x899EFEE8)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x899EFF80)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x899EF798)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x899EF8E8)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x899EFDB8)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x89A15650)
[Address] SSDT[258] : unknown @ 0x805D2502 -> HOOKED (Unknown @ 0x899EFE50)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x89A7B6E8)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x899EE480)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A167758)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89EE5660)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A0ADA00)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89EE13F0)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89A42A50)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A676C8)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A716B0)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89E77720)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x899F0BB8)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A05B198)
[Inline] EAT @iexplore.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x824AA589)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71030022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FE0022)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05CB0048)
[Inline] EAT @iexplore.exe (NtSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x05CB012A)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05CB0048)
[Inline] EAT @iexplore.exe (ZwSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x05CB012A)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x05CB0CCA)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71020022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FD0022)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05570048)
[Inline] EAT @iexplore.exe (NtSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x0557012A)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05570048)
[Inline] EAT @iexplore.exe (ZwSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x0557012A)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x05580048)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71020022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FD0022)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380013AS +++++
--- User ---
[MBR] c3b2622c6f646be401a2261793e6d782
[BSP] 795a14b832cd706607cccac50ac6066c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_01262014_161443.txt >
thanks
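The RogueKiller report above is the artefact the helper works from, and its layout (¤¤¤ section headers, `[TAG] body -> VERDICT` findings, a hook list, the hosts file, the MBR check) is regular enough to parse. As an added example, written for this edit and not taken from the thread or from RogueKiller's author Tigzy, here is a small Python triage script that reads that report format and pulls out what a responder looks at first: the flagged process and DLL paths, the scheduled task, the SSDT / Shadow SSDT / inline hook targets, any hosts entry beyond the stock localhost line, and whether the MBR check passed. The embedded sample report is constructed from the line formats seen above and shortened; the section-name matching and the function names are my own assumptions about the format, not a documented RogueKiller API.

```python
"""Triage a RogueKiller 8.x text report: surface the findings that decide the next response step."""
import re
from collections import OrderedDict

# Constructed sample modelled on the report posted in the thread (same line
# formats; the hook list is cut down to one entry per table).
SAMPLE_REPORT = r"""RogueKiller V8.8.3 [Jan 24 2014] par Tigzy
Mode : Recherche -- Date : 01/26/2014 16:14:43
¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\TSNT.dll [x] -> DECHARGÉE
[SUSP PATH] tsntx.exe -- C:\WINDOWS\tsntx.exe [-] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Tâches planifiées : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe - /Check [x] -> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89A5DA80)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89EE5660)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71030022)
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
User = LL1 ... OK!
User = LL2 ... OK!
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*(?::\s*(?P<rest>.*?))?\s*¤¤¤$")
FINDING_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.+?)\s*->\s*(?P<verdict>.+)$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|job)\b", re.IGNORECASE)
MODE_RE = re.compile(r"^Mode\s*:\s*(\S+)", re.MULTILINE)

def parse_report(text):
    """Map each ¤¤¤ section name to its non-blank lines, in report order."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_finding(line):
    """'[TAG][TAG] body -> VERDICT' -> dict (tags, body, verdict, Windows paths
    found in the body), or None when the line is not a finding."""
    m = FINDING_RE.match(line)
    if not m:
        return None
    return {"tags": TAG_RE.findall(m.group("tags")), "body": m.group("body"),
            "verdict": m.group("verdict"), "paths": PATH_RE.findall(m.group("body"))}

def hook_kind_and_target(body):
    """Classify a hook by table (SSDT, Shadow SSDT, inline EAT) and name the hooked function."""
    if body.startswith("Shadow SSDT"):
        kind, m = "shadow_ssdt", re.search(r":\s*(\w+)", body)   # Shadow SSDT[n] : NtUserX
    elif body.startswith("SSDT"):
        kind, m = "ssdt", re.search(r":\s*(\w+)", body)          # SSDT[n] : NtX @ addr
    else:
        kind, m = "inline", re.search(r"\(([^)]+)\)", body)      # EAT @proc (func) : module
    return kind, (m.group(1) if m else body)

def triage(text):
    """Reduce a report to the items that decide the next response step."""
    mode = MODE_RE.search(text)
    out = {"mode": mode.group(1) if mode else "?", "processes": [], "registry": [],
           "tasks": [], "hooks": {"ssdt": [], "shadow_ssdt": [], "inline": []},
           "hosts_extra": [], "mbr_ok": None}
    for name, lines in parse_report(text).items():
        key = name.lower()
        findings = [f for f in map(parse_finding, lines) if f]
        if key.startswith("processus"):
            out["processes"] = findings
        elif "registre" in key:
            out["registry"] = findings
        elif "planifi" in key:
            out["tasks"] = findings
        elif key.startswith("driver"):
            for f in findings:
                kind, target = hook_kind_and_target(f["body"])
                out["hooks"][kind].append(target)
        elif key.startswith("fichier hosts"):   # anything beyond the stock localhost line
            out["hosts_extra"] = [l for l in lines if not l.startswith("-->")
                                  and not re.match(r"^(127\.0\.0\.1|::1)\s+localhost$", l)]
        elif key.startswith("mbr"):
            checks = [l for l in lines if l.startswith("User = ")]
            out["mbr_ok"] = bool(checks) and all(l.endswith("OK!") for l in checks)
    return out

def suspicious_paths(summary):
    """Files named in the process and scheduled-task findings, deduplicated."""
    return sorted({p for f in summary["processes"] + summary["tasks"] for p in f["paths"]})

if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print("mode:", s["mode"], "| MBR ok:", s["mbr_ok"], "| hosts extras:", s["hosts_extra"])
    print("files to check/quarantine:", *suspicious_paths(s), sep="\n  ")
    print({k: len(v) for k, v in s["hooks"].items()})
```

Run it as a script to print the summary, or feed a saved `RKreport[X]_S_*.txt` to `triage()`. The hook list on its own is not a verdict: on 32-bit XP, security products hook the same tables, so `HOOKED (Unknown @ ...)` only says the hooking driver was not recognised. What the script puts first is what the helper acts on in this thread: the DLL unloaded from explorer.exe, the killed tsntx.exe, and the At1.job task pointing at MySearchDial's updater.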
by kink06
#71376
  • (Re)launch RogueKiller (run as administrator on Windows 7/8 and Vista)

    Note: wait for the PreScan to finish.
  • Click Scan.
  • Click Deletion
  • Once the scan is finished, go to the desktop; the report RKreport[X]¤D¤.txt has been created.
  • Upload the report RKreport[X]¤D¤.txt to SosUpload, then copy/paste the link provided in your next reply on the forum


How did you go about uninstalling "CyberPatrol" :interro: If you uninstalled it through "Add or Remove Programs" in the Control Panel, it is surprising that it starts up again... Did it actually disappear from the list :interro: If so, check whether it is still in the registry and, in that case, delete the corresponding key. But first, make sure it no longer exists anywhere, in particular in the "Program Files" folder.
The registry path is as follows:
Regedit
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Tell me how it goes... :interro:
by soniatsen
#71385
hello
when I said I had uninstalled the 2 programs, I meant Trusteer and ESET Online
I did not uninstall Cyber Patrol
besides, I can't find it anywhere, neither in Program Files nor when I go through regedit...uninstall, it isn't there!
nor in Add or Remove Programs either
what do you think?
I had forgotten to run Deletion in RK, I've done it and here is the report
Code:
RogueKiller V8.8.3 [Jan 24 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : l'autre [Droits d'admin]
Mode : Suppression -- Date : 01/26/2014 16:41:12
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\TSNT.dll [x] -> DECHARGÉE
[SUSP PATH] tsntx.exe -- C:\WINDOWS\tsntx.exe [-] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe - /Check [x] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x899EFBF0)
[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x899EFC88)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x89A12918)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x89A67F90)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x89F1A990)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x899EFA18)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x89A67E60)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x89A5EA70)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x899EF700)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x899EDA20)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x899EE3D8)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x899EFAC0)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x899EFB58)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89DAD390)
[Address] SSDT[108] : unknown @ 0x805B206E -> HOOKED (Unknown @ 0x89A7B760)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x899EF980)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89A5DA80)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x89A129A0)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x899EF850)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x89A3D9F0)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x89A67F08)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x899EFD20)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x899EFEE8)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x899EFF80)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x899EF798)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x899EF8E8)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x899EFDB8)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x89A15650)
[Address] SSDT[258] : unknown @ 0x805D2502 -> HOOKED (Unknown @ 0x899EFE50)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x89A7B6E8)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x899EE480)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A167758)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89EE5660)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A0ADA00)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89EE13F0)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89A42A50)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A676C8)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89A716B0)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89E77720)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x899F0BB8)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A05B198)
[Inline] EAT @iexplore.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x824AA589)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71030022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FE0022)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05CB0048)
[Inline] EAT @iexplore.exe (NtSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x05CB012A)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05CB0048)
[Inline] EAT @iexplore.exe (ZwSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x05CB012A)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x05CB0CCA)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71020022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FD0022)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05570048)
[Inline] EAT @iexplore.exe (NtSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x0557012A)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x05570048)
[Inline] EAT @iexplore.exe (ZwSetInformationProcess) : ntdll.dll -> HOOKED (Unknown @ 0x0557012A)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x05580048)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x71020022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70FD0022)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380013AS +++++
--- User ---
[MBR] c3b2622c6f646be401a2261793e6d782
[BSP] 795a14b832cd706607cccac50ac6066c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_01262014_164112.txt >>
RKreport[0]_S_01262014_161443.txt
what do I do about Cyber Patrol and MySearchDial?

thanks
by kink06
#71390
but where do you see Cyber Patrol, then :interro:

do this =>

  • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

    Using the mouse (hold the left button down), select and copy (right click/copy) the contents of the box below
    Code:
    Script ZHPFix =>
    ShortcutFix
    [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified    => Infection Diverse (Trojan.Dropper)
    [MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe (.not file.) [0] =>Adware.MyWebSearch
    [HKCU\Software\myBabylon] =>PUP.Babylon
    O43 - CFD: 14/10/2013 - 03:47:47 - [14,487] ----D C:\Program Files\NoAdware5.0 =>Rogue.NoAdware
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe (.not file.) =>Adware.Facemoods
    O53 - SMSR:HKLM\...\startupreg\Updater12747.exe [Key] . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Updater12747\Updater12747.exe (.not file.) =>PUP.CrossRider
    O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\IMPORTANT mysearch dial search [Résolu].url [358] =>Adware.MyWebSearch
    O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\mysearchdial.bmp.lnk [608] =>Adware.MyWebSearch
    O69 - SBI: SearchScopes [HKCU] {A3867493-3030-4088-813F-6FB2EC7FF2F8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
    [MD5.32EDF0F691E5CAA09E39F6EA0580CF2F] [WIS][28/12/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\b1f734.msi [24576] =>Adware.Boxore
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Updater12747.exe] =>PUP.CrossRider^
    [HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}] =>Adware.BHO
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpeedMaxPc] =>PUP.SpeedMaxPc
    [HKCU\Software\USyndication] =>Trojan.USyndication
    [HKCU\Software\usyndication.com] =>Trojan.USyndication
    [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111271147}] =>PUP.CrossRider
    C:\Program Files\NoAdware5.0 =>Rogue.NoAdware^
    C:\Program Files\vGrabber-software =>PUP.vGrabber
    C:\Documents and Settings\l'autre\Local Settings\Application Data\Software =>Adware.Boxore
    [HKCU\Software\myBabylon] =>PUP.Babylon^
    C:\Windows\Installer\b1f734.msi =>Adware.Boxore^
    OPT:O4 - GS\Program [timothée]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    OPT:O4 - GS\Program [cécile]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
    OPT:O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    OPT:O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    OPT:O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    OPT:O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    OPT:SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} ((no name)) - http://www.m6video.fr/1click/install/fi ... aller2.cab    => Vérifier le nom du site
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline    => Toolbar.Google
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{34EA1C70-42CC-42C5-AA29-EC58B95A343E} Clé orpheline    => myBabylon Toolbar
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0FC85F5D-6207-4515-A490-45A549D285C0} Clé orpheline    => Radio Bar 1 Toolbar
    [HKCU\Software\Radio_Bar_1]    => Toolbar.Conduit
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
    [HKCU\Software\Radio_Bar_1] =>Toolbar.Conduit
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1    => Internet Explorer Allows Proxy Settings Remotely
    ESET Online Scanner v3    => ESET
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline    => Orphean Key not necessary
    O4 - GS\Program [timothée]: Uninstall LastPass RunOnce.lnk . (...) -- C:\Program Files\Fichiers communs\lpuninstall.exe (.not file.)    => Fichier absent
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Clé orpheline    => Orphean Key not necessary
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab    => Akamai Download Manager ActiveX
    O44 - LFC:[MD5.124E8A82F02C2BAA87729B3CD36DDA7C] - 14/01/2014 - 10:12:44 ---A- . (...) -- C:\WINDOWS\ie7_main.log [1118]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.8C443BC9EAA7C022528D27BA7C7C1E70] - 15/01/2014 - 21:39:38 ---A- . (...) -- C:\WINDOWS\msmqinst.log [55310]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.B89E303DD7E93271AD068831FA0A8D10] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [189837]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.9F22EE9D6F99C0A3713F1783E8E68750] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [11407]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.F9741E94F2E5E467CA19FC396736C914] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\netfxocm.log [28153]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.4254820E16824C5DE12499B963263167] - 15/01/2014 - 21:39:40 ---A- . (...) -- C:\WINDOWS\ocgen.log [85322]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.23C4DC4F1DA2FEC6AEA06CFB7395D1E7] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\comsetup.log [53775]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.FC25235A4AA14FB03B72E58441ED6D13] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\iis6.log [207169]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.D3EDFB0C92849C8216D43E6CD558384D] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.1B8F0ED35BEA5834C93ECF1226F48FCD] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [33523]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.5A2A64597600DEEEACBAF968E0DA3C1F] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\ocmsn.log [9093]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.C89A5E12B39F53CA2C2427EEE272ECD9] - 15/01/2014 - 21:39:41 ---A- . (...) -- C:\WINDOWS\tsoc.log [75845]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.091437F81E299697D1B99D72B5AAC374] - 16/01/2014 - 08:55:01 ---A- . (...) -- C:\WINDOWS\wmsetup.log [35032]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.F7F5A13AE44CA0AE939F070847257B2C] - 16/01/2014 - 13:01:20 ---A- . (...) -- C:\WINDOWS\icp.log [2744]    => Fichiers de rapport (Log)
    O44 - LFC:[MD5.6349F707B3F90766FFAA0C233E35848A] - 16/01/2014 - 13:01:35 ---A- . (...) -- C:\WINDOWS\USAGE.LOG [2022]    => Fichiers de rapport (Log)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe (.not file.)    => Fichier absent
    O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Clé orpheline    => Orphean Key not necessary
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe (.not file.)    => Fichier absent
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe (.not file.)    => Fichier absent
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe (.not file.)    => Fichier absent
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [430]    => Hewlett-Packard or Malware
    O47 - AAKE:Key Export SP - "C:\Program Files\DNA\btdna.exe" [Disabled] .(...) -- C:\Program Files\DNA\btdna.exe (.not file.)    => BitTorrent DNA%PeerToPeer
    [MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\l'autre\APPLIC~1\MySearchDial\UpdateProc\UpdateTask.exe (.not file.) [0] 
    [HKCU\Software\myBabylon] 
    O43 - CFD: 14/10/2013 - 03:47:47 - [14,487] ----D C:\Program Files\NoAdware5.0 
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temporary Internet Files\Content.IE5\NMS51YNU\Facemoods[1].exe (.not file.) 
    O61 - LFC: 22/01/2014 - 10:50:58 ---A- . (...) -- C:\Documents and Settings\l'autre\Favoris\DANS LE VENTRE DE L'ORDI\IMPORTANT mysearch dial search [Résolu].url [358] 
    O61 - LFC: 24/01/2014 - 10:51:18 ---A- . (...) -- C:\Documents and Settings\l'autre\Recent\mysearchdial.bmp.lnk [608] 
    O69 - SBI: SearchScopes [HKCU] {A3867493-3030-4088-813F-6FB2EC7FF2F8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com 
    [MD5.32EDF0F691E5CAA09E39F6EA0580CF2F] [WIS][28/12/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\b1f734.msi [24576] 
    [HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}] 
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] 
    [HKCU\Software\Radio_Bar_1] 
    C:\Program Files\NoAdware5.0 
    C:\Documents and Settings\l'autre\Local Settings\Application Data\Software 
    [HKCU\Software\myBabylon] 
    C:\Windows\Installer\b1f734.msi 
    [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    O41 - Driver: (IDSxpx86) . (. - .) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090206.001\IDSxpx86.sys (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" [Enabled] .(...) -- C:\Documents and Settings\l'autre\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] Clé orpheline
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" [Disabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe (.not file.)
    O53 - SMSR:HKLM\...\startupreg\Updater12747.exe [Key] . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Updater12747\Updater12747.exe (.not file.) 
    O61 - LFC: 23/01/2014 - 10:50:46 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\ZQHCRNNL\VSStatCookie[10].xml [186]
    O61 - LFC: 23/01/2014 - 10:50:46 ---A- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\ZQHCRNNL\VSStatCookie[7].xml [186]
    O61 - LFC: 23/01/2014 - 10:50:46 -SHA- . (...) -- C:\Documents and Settings\l'autre\Application Data\Microsoft\Internet Explorer\UserData\index.dat [49152]
    O61 - LFC: 24/01/2014 - 10:51:11 ---A- . (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [18178]
    [MD5.E26BE6FA3834472ED98AD6865946A537] [SPRF][23/10/2008] (...) -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [32]
    [MD5.7242492EF826B11C5F3371F7FD17751F] [SPRF][26/01/2007] (...) -- C:\Documents and Settings\l'autre\Local Settings\Application Data\fusioncache.dat [130]
    [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][18/02/2007] (...) -- C:\Documents and Settings\l'autre\Application Data\ezpinst.exe [87608]
    [MD5.693E44D7B4F5FD5532DD2B47731C5F90] [SPRF][21/12/2013] (...) -- C:\Documents and Settings\l'autre\Bureau\adwcleaner-3.015.exe [1226802]
    [MD5.1685E9B41C2434B3BDED3C2D48EEAF90] [SPRF][08/06/2012] (.Blitware Technology Inc. - File Helper.) -- C:\Documents and Settings\l'autre\Bureau\filehelper_setup_ai.exe [7946320]
    [MD5.A56288C66377FB2A086B19809668E530] [SPRF][18/05/2012] (.Pas de propriétaire - FreeMind Setup.) -- C:\Documents and Settings\l'autre\Bureau\FreeMind-Windows-Installer-0.9.0-max.exe [13655880]
    [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.332]
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{34EA1C70-42CC-42C5-AA29-EC58B95A343E} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0FC85F5D-6207-4515-A490-45A549D285C0} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline
    O4 - GS\Program [timothée]: Uninstall LastPass RunOnce.lnk . (...) -- C:\Program Files\Fichiers communs\lpuninstall.exe (.not file.)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Clé orpheline
    O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
    O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
    O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
    O41 - Driver: (BHDrvx86) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\BHDrvx86.sys (.not file.)
    O41 - Driver: (ccHP) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\ccHPx86.sys (.not file.)
    O41 - Driver: (SRTSP) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SRTSP.sys (.not file.)
    O41 - Driver: (SRTSPX) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SRTSPX.sys (.not file.)
    O41 - Driver: (SYMTDI) . (. - .) - C:\WINDOWS\system32\Drivers\NIS\1002000.007\SYMTDI.sys (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [Disabled] .(...) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Program Files\DNA\btdna.exe" [Disabled] .(...) -- C:\Program Files\DNA\btdna.exe (.not file.)
    O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
    O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
    O4 - GS\Program [timothée]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - GS\Program [timothée]: Uninstall LastPass RunOnce.lnk . (...) -- C:\Program Files\Fichiers communs\lpuninstall.exe (.not file.)
    O4 - GS\Program [cécile]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] Clé orpheline
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    [HKCU\Software\myBabylon] =>PUP.Babylon
    [HKCU\Software\アプリケーション ウィザードで生成されたローカル アプリケーション]
    O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NAV211018-SHPD-FSD40014}] C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (.not file.)
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} . (...) -- C:\deskotp\minecraft\IE_Toolbar.ico"
    O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
    O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Program Files\Messenger\msmsgs.exe (.not file.)
    SysRestore 
    EmptyFlash
    ProxyFix
    EmptyCLSID
    Firewallraz
    EmptyTemp  
    1. Click Import
    2. Then click "GO"
  • Confirm the data cleanup by clicking "Yes"
  • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided in your next reply.
by soniatsen
#71397
good evening
thanks for everything
I absolutely have to leave, I don't have time to run ZHPDiag right now.
I'll pick this up again tomorrow morning

see you later and have a good evening
