- Sat. 12 Oct. 2013 18:49
#11093
Hello,
Thank you in advance for your attention.
I have been infected by the Trojan HEURE:Exploit.Java.Generic.
I carried out the requested steps before posting and am sending you my reports below (it was impossible to use attachments...).
I hope this is what you need.
MBAM
ZHPDiag
At your disposal.
Gilles.
# AdwCleaner v3.007 - Rapport créé le 12/10/2013 à 17:36:34
# Mis à jour le 09/10/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : lipdubz - CHOISIRTOUJOURS
# Exécuté depuis : C:\Users\lipdubz\Downloads\adwcleaner.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Users\lipdubz\AppData\Local\apn
Dossier Supprimé : C:\Users\lipdubz\AppData\Local\Temp\AskSearch
Dossier Supprimé : C:\Users\lipdubz\AppData\LocalLow\AskToolbar
Dossier Supprimé : C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\jetpack
Dossier Supprimé : C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\Extensions\toolbar@ask.com
Fichier Supprimé : C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\searchplugins\Askcom.xml
Fichier Supprimé : C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\searchplugins\askcomsearch.xml
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Supprimé : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Raccourcis ] *****
***** [ Registre ] *****
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEEEEA5E-86BB-4FB1-A6BF-A501AE44D2F1}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEEEEA5E-86BB-4FB1-A6BF-A501AE44D2F1}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Clé Supprimée : HKCU\Software\APN
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\smartbar
Clé Supprimée : HKLM\Software\APN
Clé Supprimée : HKLM\Software\AskToolbar
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Navigateurs ] *****
-\\ Internet Explorer v8.0.6001.19475
-\\ Mozilla Firefox v24.0 (fr)
[ Fichier : C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\prefs.js ]
Ligne Supprimée : user_pref("browser.search.defaultengine", "Ask.com Search");
Ligne Supprimée : user_pref("browser.search.defaultenginename", "Ask.com Search");
Ligne Supprimée : user_pref("browser.search.order.1", "Ask.com Search");
Ligne Supprimée : user_pref("browser.search.selectedEngine", "Ask.com Search");
Ligne Supprimée : user_pref("extensions.asktb.ff-original-keyword-url", "");
-\\ Google Chrome v
[ Fichier : C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10445 octets] - [12/10/2013 17:33:34]
AdwCleaner[S0].txt - [10378 octets] - [12/10/2013 17:36:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10439 octets] ##########
MBAM
Malwarebytes Anti-Malware 1.75.0.1300
https://www.malwarebytes.org
Version de la base de données: v2013.10.12.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19475
lipdubz :: CHOISIRTOUJOURS [administrateur]
12/10/2013 17:02:37
mbam-log-2013-10-12 (17-02-37).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 219957
Temps écoulé: 10 minute(s), 49 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 1
C:\Users\lipdubz\AppData\Local\temp\CT3285358 (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
Fichier(s) détecté(s): 1
C:\Users\lipdubz\AppData\Local\temp\CT3285358\ddt.csf (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
(fin)
~ Rapport de ZHPDiag v2013.10.12.33 - Nicolas Coolman (12/10/2013)
~ Lancé par lipdubz (12/10/2013 17:51:20)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19475
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.69
OBIE: Safari v5.34.57.2
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RJ34F
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 27 GB (18%) free of 149 GB
---\\ Mode de connexion au système
~ Computer Name: CHOISIRTOUJOURS
~ User Name: lipdubz
~ All Users Names: lipdubz, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\lipdubz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lipdubz\AppData\Roaming\
~ %Desktop% : C:\Users\lipdubz\Desktop\
~ %Favorites% : C:\Users\lipdubz\Favorites\
~ %LocalAppData% : C:\Users\lipdubz\AppData\Local\
~ %StartMenu% : C:\Users\lipdubz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 27 Go of 149 Go)
E: Hard drive, Flash drive, Thumb drive (Free 142 Go of 148 Go)
F: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.1853004D970C5F6C298711A2C105EB64] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 13:57:49.) -- C:\Windows\System32\wininet.dll [916992]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/120
~ Mes musiques (My Musics) : 1/294
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/587
~ Mon Bureau (My Desktop) : 0/7576
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 41s
---\\ Processus lancés
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1480]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.1728]
[MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3256]
[MD5.1E164CF26C71C5648A3FFECAA18BBF59] - (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [435512] [PID.3432]
[MD5.CAD76DEE2311C5FFF840A2EB7B058143] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [6158240] [PID.3088]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3588]
[MD5.0D3745CA2F064F2D6B6388C6AA5D3BC7] - (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe [844752] [PID.3268]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3084]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.2704]
[MD5.C5F101D7E53AA530BB0496EB9556807C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8076288] [PID.5776]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3252]
[MD5.761F38EE3C1146A7434AD72763382544] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1236]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1496]
[MD5.319B8F8CDD5DDB40B39E198148A0A2AE] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [303104] [PID.1576]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1340]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1684]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.1720]
[MD5.721D8DF7BE216946367255DE91529AB8] - (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104] [PID.2068]
[MD5.FB8448D1B0DA00D70C28ADF9282B31BB] - (.TOSHIBA Corporation - TSS TMachInfo Service.) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776] [PID.2276]
[MD5.22E83B887E6A40FD401EE70EC45F8307] - (.TOSHIBA Corporation - TOSHIBA Navi Support Service.) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312] [PID.2312]
[MD5.C5AC715B65B01788ABC22D10749DDDD8] - (.TOSHIBA Corporation - TDCSrv Application.) -- C:\Windows\system32\TODDSrv.exe [129632] [PID.2332]
[MD5.5557E7F940CBCF09BE43379F551F6689] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [464224] [PID.2356]
[MD5.8EB3988C74FD9D0E0934977E36B5F9E6] - (.Toshiba - Service for SmartFaceV.) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824] [PID.2824]
[MD5.C00149A7027081539A66DC5A46695EAD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.2832]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384] [PID.3952]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d'installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.6124]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bjgfdlplhmndoonmofmflcbiohgbkifn] HootSuite Hootlet v.3.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [dpiomfbhmjedaadgkpjibgbmmjmiofog] Tiroir Cultcut v.1.0.1.2 (Activé)
G2 - GCE: Preference [User Data\Default] [hfjhlpgahgkpncekpdkgfoeppikldble] Slinky Classique v.19.7 (Activé)
G2 - GCE: Preference [User Data\Default] [hjcccdngnaailhnoflbeficiokgcfaah] Pearltrees v.1.0.23 (Activé)
~ Google Browser: 24 Legitimates Filtered in 00mn 27s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\lipdubz\AppData\Roaming\Mozilla\Firefox\Profiles\ks0kk842.default\prefs.js
M2 - MFEP: prefs.js [lipdubz - ks0kk842.default\collector@broceliand.fr] [] pearltrees v (..)
P2 - FPN: [HKCU] [@us-w1.rockmelt.com/RockMelt Update;version=8] - (.RockMelt Inc. - RockMelt Update.) -- C:\Users\lipdubz\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
~ Firefox Browser: 37 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.RockMelt Inc. - RockMelt Update.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\Program [Public]: SocialBro.lnk . (...) -- C:\Program Files\SocialBro\SocialBro.exe
O4 - GS\QuickLaunch [lipdubz]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\QuickLaunch [lipdubz]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [lipdubz]: Internet Explorer - Raccourci.lnk - Clé orpheline
O4 - GS\QuickLaunch [lipdubz]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [lipdubz]: mini PDF to PowerPoint Converter v2.0.lnk . (.mini PDF to PowerPoint Converter (https://ww - mini PDF to PowerPoint Converter (https://ww.) -- C:\Program Files\mini PDF to PowerPoint Converter v2.0\pdf2ppt.exe
O4 - GS\QuickLaunch [lipdubz]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [lipdubz]: Ordinateur - Raccourci.lnk - Clé orpheline
O4 - GS\Program [lipdubz]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [lipdubz]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [lipdubz]: Corbeille - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [lipdubz]: Donate.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe https://www.paypal.com =>Hijacker.Browsers
O4 - GS\Desktop [lipdubz]: Free Disinfection.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe https://www.sosvirus.net =>Hijacker.Browsers
O4 - GS\Desktop [lipdubz]: g3n-h@ckm@n's tools.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe https://security-helpzone.com =>Hijacker.Browsers
O4 - GS\Desktop [lipdubz]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [lipdubz]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [lipdubz]: Skin Prezi.pdf.lnk . (...) -- C:\Users\lipdubz\Documents\Skin Prezi.pdf
O4 - GS\Desktop [lipdubz]: slide 2.pdf.lnk . (...) -- C:\Users\lipdubz\Documents\slide 2.pdf
~ Global Startup: 60 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\lipdubz\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [scheduler_monitor] . (...) -- C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RockMelt Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\lipdubz\AppData\Local\RockMelt\Update\RockMeltUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_8FD3B2B346B9D4E2AB31D9E18EAAE2A2] . (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [TOSCDSPD] TOSCDSPD.exe
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\lipdubz\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [scheduler_monitor] . (...) -- C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [RockMelt Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\lipdubz\AppData\Local\RockMelt\Update\RockMeltUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1363155397-4145936558-3493671463-1000\..\Run: [GoogleChromeAutoLaunch_8FD3B2B346B9D4E2AB31D9E18EAAE2A2] . (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} . (...) -- C:\Program Files\eBay\ebay.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A751F38-6FDB-43BC-A935-B7BCE32DE616}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A751F38-6FDB-43BC-A935-B7BCE32DE616}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7A751F38-6FDB-43BC-A935-B7BCE32DE616}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Tàches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1FEB5A14-59AF-466C-BA99-49EBB1F262F4}] (...) -- C:\Users\lipdubz\Downloads\FastStoneCapture-5.3Fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{613C4B7F-3DCE-4F36-83C2-80A8E8927329}] (...) -- C:\Users\lipdubz\Downloads\converter.exe (.not file.) [0]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 04s
---\\ Logiciels installés (O42)
O42 - Logiciel: SocialBro - (.equipo24 S.L..) [HKLM] -- com.socialbro.air
O42 - Logiciel: SocialBro - (.equipo24 S.L..) [HKLM] -- {B05F2B41-43E1-C567-6B06-ADABB2DA57A7}
O42 - Logiciel: Stop Motion Animator 1.1.XP - (...) [HKLM] -- Stop Motion Animator 1.1.XP
~ Logic: 143 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\ONISEP]
[HKCU\Software\PartyGaming]
[HKCU\Software\SB2Languages]
[HKLM\Software\ClamWin]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\OfficialVideoConverter]
[HKLM\Software\Yahoo]
~ Key Software: 235 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/04/2010 - 13:24:32 - [8,232] ----D C:\Program Files\ClamWin
O43 - CFD: 12/07/2011 - 16:53:59 - [8,239] ----D C:\Program Files\List_Kill'em
O43 - CFD: 28/06/2011 - 23:23:42 - [79,365] ----D C:\Program Files\OfficialVideoConverter
O43 - CFD: 19/01/2012 - 12:53:37 - [4,099] ----D C:\Program Files\SocialBro
O43 - CFD: 22/08/2010 - 21:38:35 - [1,219] ----D C:\Program Files\Stop Motion Animator
O43 - CFD: 21/03/2010 - 19:17:59 - [0,060] ----D C:\Program Files\Tournament Indicator
O43 - CFD: 12/07/2011 - 15:39:46 - [0,001] ----D C:\Users\lipdubz\AppData\Roaming\20B73154E3B249297343669B02CE9E1A
O43 - CFD: 19/01/2012 - 12:53:57 - [1,641] ----D C:\Users\lipdubz\AppData\Roaming\com.socialbro.air
O43 - CFD: 14/12/2009 - 21:36:29 - [0] ----D C:\Users\lipdubz\AppData\Roaming\itr.ecochallenger.5D3844AC855FD842782777DD74797D9EBFB1EF59.1
O43 - CFD: 22/07/2012 - 15:06:48 - [0,020] ----D C:\Users\lipdubz\AppData\Roaming\RCP 5
O43 - CFD: 12/10/2013 - 14:54:41 - [0,448] ----D C:\Users\lipdubz\AppData\Local\FullTiltPoker
O43 - CFD: 21/09/2013 - 21:55:24 - [0] ----D C:\Users\lipdubz\AppData\Local\SpaceKace
O43 - CFD: 08/07/2011 - 05:12:39 - [0,001] ----D C:\Users\lipdubz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Fix
~ Program Folder: 238 Legitimates Filtered in 02mn 39s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.47DFA8A93191E981A26599A4E1061F25] - 12/10/2013 - 14:26:30 R--A- . (...) -- C:\Pre_Scan_12_10_2013_15_26_30.txt [715043]
O44 - LFC:[MD5.B0F2471943C9CC30339DD4A783252D0C] - 12/10/2013 - 15:10:59 R--A- . (...) -- C:\Pre_script_16_11_00.txt [338]
O44 - LFC:[MD5.3A7ED9E0C65032ACEF5437EEAB90789D] - 12/10/2013 - 15:34:19 R--A- . (...) -- C:\Pre_Diag_12_10_2013_16_34_19.txt [576443]
~ Files: 72 Legitimates Filtered in 01mn 10s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.40446E7DD73F21C5A63AB3E71050B5E5] - 06/10/2013 - 18:38:55 ---A- - C:\Windows\Prefetch\30.0.1599.69_29.0.1547.76_CHR-26D8E1CD.pf
O45 - LFCP:[MD5.63AF211436EBAABA7E82E581132583FA] - 12/10/2013 - 15:05:28 ---A- - C:\Windows\Prefetch\WMIAV.EXE-0F990C7E.pf
O45 - LFCP:[MD5.D5DE92EA2CA8E4D41150A8FFAF8E680B] - 12/10/2013 - 15:13:08 ---A- - C:\Windows\Prefetch\PRE_SCAN.EXE-EFDB2018.pf
O45 - LFCP:[MD5.809C6B5AE09523564BE65F436187FBC3] - 12/10/2013 - 16:14:15 ---A- - C:\Windows\Prefetch\NS9639.TMP-9E1B2824.pf
~ Prefetcher: 85 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\eHmcHPSHLtmC [Key] . (...) -- C:\ProgramData\eHmcHPSHLtmC.exe (.not file.)
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 17 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/10/2013 - 17:59:22 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF150e5b3.TMP [44551]
O61 - LFC: 09/10/2013 - 17:59:43 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF22d1197.TMP [44724]
O61 - LFC: 09/10/2013 - 17:59:44 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF2460078.TMP [44724]
O61 - LFC: 09/10/2013 - 17:59:47 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF268de88.TMP [44724]
O61 - LFC: 09/10/2013 - 17:59:52 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF2a1700e.TMP [44724]
O61 - LFC: 09/10/2013 - 17:59:56 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF2d33550.TMP [44724]
O61 - LFC: 09/10/2013 - 18:00:13 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF3cbf106.TMP [45753]
O61 - LFC: 09/10/2013 - 18:00:45 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF75145c.TMP [44550]
O61 - LFC: 09/10/2013 - 18:01:06 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFbf9752.TMP [44550]
O61 - LFC: 09/10/2013 - 18:05:15 ---A- . (...) -- C:\Users\lipdubz\Downloads\2_pages_laurent.pdf [709510]
O61 - LFC: 09/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\2_pages_laurent.pdf.lnk [582]
O61 - LFC: 09/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 071013.ppt.lnk [894]
O61 - LFC: 09/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 081013.ppt.lnk [894]
O61 - LFC: 09/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Srezo.lnk [728]
O61 - LFC: 09/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Srezo_prez.ppt.lnk [993]
O61 - LFC: 10/10/2013 - 17:59:18 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF129a920.TMP [44722]
O61 - LFC: 10/10/2013 - 17:59:22 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF14bca85.TMP [44722]
O61 - LFC: 10/10/2013 - 17:59:23 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF15722e2.TMP [44722]
O61 - LFC: 10/10/2013 - 17:59:40 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF20afee.TMP [44721]
O61 - LFC: 10/10/2013 - 17:59:44 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF246fa60.TMP [44722]
O61 - LFC: 10/10/2013 - 18:00:45 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF75056e.TMP [44721]
O61 - LFC: 10/10/2013 - 18:00:58 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF9c2d2a.TMP [44721]
O61 - LFC: 10/10/2013 - 18:01:00 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFa5cb4d.TMP [44721]
O61 - LFC: 10/10/2013 - 18:01:00 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFa7c7e3.TMP [44721]
O61 - LFC: 10/10/2013 - 18:01:14 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFe8d6f2.TMP [44722]
O61 - LFC: 10/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\Illustr présentation.lnk [1101]
O61 - LFC: 10/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Proposition SEO Aquabains.pdf.lnk [570]
O61 - LFC: 10/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 091013.ppt.lnk [894]
O61 - LFC: 10/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 101013.pdf.lnk [894]
O61 - LFC: 10/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\montage nuage.ppt.lnk [1479]
O61 - LFC: 11/10/2013 - 17:59:39 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF1f211a6.TMP [45933]
O61 - LFC: 11/10/2013 - 17:59:42 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF21c5ba1.TMP [45933]
O61 - LFC: 11/10/2013 - 18:00:18 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF4452d1.TMP [45934]
O61 - LFC: 11/10/2013 - 18:00:28 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF550964.TMP [45934]
O61 - LFC: 11/10/2013 - 18:01:02 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFadfc2c.TMP [45934]
O61 - LFC: 11/10/2013 - 18:05:15 ---A- . (...) -- C:\Users\lipdubz\Downloads\contrat SEO Aquabains.docx [68205]
O61 - LFC: 11/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\Downloads.lnk [360]
O61 - LFC: 11/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\contrat SEO Aquabains.docx.lnk [617]
O61 - LFC: 12/10/2013 - 17:57:21 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [262573]
O61 - LFC: 12/10/2013 - 17:59:13 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State [45834]
O61 - LFC: 12/10/2013 - 17:59:23 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF157455.TMP [45878]
O61 - LFC: 12/10/2013 - 17:59:25 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF165909.TMP [45878]
O61 - LFC: 12/10/2013 - 18:00:02 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF3148f2.TMP [45878]
O61 - LFC: 12/10/2013 - 18:00:05 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF33ddb2.TMP [45880]
O61 - LFC: 12/10/2013 - 18:00:05 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF34954d.TMP [45878]
O61 - LFC: 12/10/2013 - 18:00:06 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF350f7b.TMP [45878]
O61 - LFC: 12/10/2013 - 18:00:15 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF3f630.TMP [45834]
O61 - LFC: 12/10/2013 - 18:00:38 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF66c78.TMP [45876]
O61 - LFC: 12/10/2013 - 18:00:45 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RF74385.TMP [45878]
O61 - LFC: 12/10/2013 - 18:01:04 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\User Data\Local State~RFb43b3.TMP [45878]
O61 - LFC: 12/10/2013 - 18:01:26 ---A- . (...) -- C:\Users\lipdubz\AppData\Local\Google\Update\1.3.21.165\goopdateres_fi.dll [862088]
O61 - LFC: 12/10/2013 - 18:04:56 ---A- . (...) -- C:\Users\lipdubz\AppData\Roaming\ZHP\Log.txt [19774] =>.Nicolas Coolman
O61 - LFC: 12/10/2013 - 18:04:56 ---A- . (...) -- C:\Users\lipdubz\AppData\Roaming\ZHP\TestsZHPDiag.txt [2872] =>.Nicolas Coolman
O61 - LFC: 12/10/2013 - 18:05:15 ---A- . (...) -- C:\Users\lipdubz\Downloads\adwcleaner.exe [1048960]
O61 - LFC: 12/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\AdwCleaner.lnk [440]
O61 - LFC: 12/10/2013 - 18:05:27 ---A- . (...) -- C:\Users\lipdubz\Recent\AdwCleaner[S0].txt.lnk [521]
O61 - LFC: 12/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\MBAM-log-2013-10-12 (16-57-09).txt.lnk [521]
O61 - LFC: 12/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Permis de bouger.lnk [529]
O61 - LFC: 12/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 101013.ppt.lnk [894]
O61 - LFC: 12/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\Présentation Permis de Bouger 121013.ppt.lnk [894]
O61 - LFC: 12/10/2013 - 18:05:28 ---A- . (...) -- C:\Users\lipdubz\Recent\mbam-log-2013-10-12 (17-02-37).txt.lnk [521]
~ 96 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 461 Legitimates Filtered in 08mn 29s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: List_Kill'em - (.g3n-h@ckm@n.) [HKLM] -- {E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\lipdubz\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {04962786-709E-4EE7-8074-505754722ED3} - (Ask Search) - https://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {1323EEF8-240E-4ED0-ADB2-6716DC46D09D} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {B92A7B66-6407-407D-B16B-D9954C3831EE} - (Yahoo! Search) - https://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (...) -- C:\Users\lipdubz\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.7BE0B65D2F4D40349BD6FA979C17B1E5] [SPRF][12/10/2013] (.Pas de propriétaire - g3n-h@ckm@n.) -- C:\Users\lipdubz\Desktop\Pre_Scan.exe [2577479]
~ Files: 3 Legitimates Filtered in 00mn 02s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{14BBAD21-B8FD-4690-91CB-93BE3B53BE13}C:\program files\fontforge\bin\xming-6.9.0.31\xming.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\fontforge\bin\xming-6.9.0.31\xming.exe
O87 - FAEL: "UDP Query User{EC22ECC7-49F0-45F0-96F7-B38ADB15D275}C:\program files\fontforge\bin\xming-6.9.0.31\xming.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\fontforge\bin\xming-6.9.0.31\xming.exe
~ Firewall: 183 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "320059FC57C93484B886DFA8D546B1B4" . (.SendBlaster 2.) -- C:\Windows\Installer\{CF950023-9C75-4843-8B68-FD8A5D641B4B}\ARPPRODUCTICON.exe
~ Update Products: 142 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.166D9A8F9E1121FD397EFF0DBF185960] [WIS][01/04/2010] (.eDisplay srl - SendBlaster 2.) -- C:\Windows\Installer\232dbfd.msi [12210176]
[MD5.E18D317CDB173F94281359581989342C] [WIS][19/01/2012] (.equipo24 S.L. - SocialBro.) -- C:\Windows\Installer\a63de5.msi [29696]
~ WIS: 147 Legitimates Filtered in 00mn 09s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/04/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
SS - | Demand 11/02/2009 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
SS - | Demand 21/06/2010 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Demand 25/06/2009 137200 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 17/09/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 12/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 30/11/2007 558592 | (rcp_service) . (.ReaSoft.) - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
SS - | Auto 07/06/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Demand 25/08/2008 77824 | (SmartFaceVWatchSrv) . (.Toshiba.) - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
SR - | Auto 23/03/2009 116104 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Auto 01/04/2009 62776 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 27/05/2009 83312 | (TNaviSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
SR - | Auto 21/11/2007 129632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 06/03/2009 464224 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, https://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by lipdubz at 12/10/2013 18:06:29
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 05s
---\\ Scan Additionnel (O88)
Database Version : 12946 - (12/10/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKCU\Software\PartyGaming] =>Casino.OnlineGames
[HKLM\Software\OfficialVideoConverter] =>PUP.OfficialVideoConverter
[HKLM\Software\Classes\Installer\Features\95FA1DD41215F1249BD2EEFBF30243A5] =>PUP.OfficialVideoConverter
[HKLM\Software\Classes\Installer\Products\95FA1DD41215F1249BD2EEFBF30243A5] =>PUP.OfficialVideoConverter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\95FA1DD41215F1249BD2EEFBF30243A5] =>PUP.OfficialVideoConverter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4DD1AF59-5121-421F-B92D-EEBF3F20345A}] =>PUP.OfficialVideoConverter
C:\Program Files\officialvideoconverter =>PUP.OfficialVideoConverter
C:\Program Files\OneStopSoft.com =>PUP.Dealio
~ Additionnel Scan: 342771 Items scanned in 00mn 28s
---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
~ https://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ https://nicolascoolman.webs.com/apps/blog/show/29286660-pup-officialvideoconverter =>PUP.OfficialVideoConverter
~ https://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ MSI: 4 link(s) detected in 00mn 28s
~ 1812 Legitimates filtered by white list
End of the scan (568 lines in 15mn 37s)(0)
Gilles.