Hello!
Here is the report:
~ Rapport de ZHPDiag v2013.11.9.20 - Nicolas Coolman (09/11/2013)
~ Lancé par Rébecca (10/11/2013 12:29:44)
~ Adresse du Site Web
https://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection :
https://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v30.0.1599.101 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : JX9VK
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
---\\ Logiciels d'optimisation du système
CCleaner v3.07 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
eMule
Pando Media Booster v2.6.0.1
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3035 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (7%) free of 144 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-CHAUFOUR
~ User Name: Rébecca
~ All Users Names: Rébecca, Evelyne, Chaufour, Bryan, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rébecca\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rébecca\AppData\Roaming\
~ %Desktop% : C:\Users\Rébecca\Desktop\
~ %Favorites% : C:\Users\Rébecca\Favorites\
~ %LocalAppData% : C:\Users\Rébecca\AppData\Local\
~ %StartMenu% : C:\Users\Rébecca\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 144 Go)
D: Hard drive, Flash drive, Thumb drive (Free 106 Go of 144 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 14:18:30.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 11:13:22.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 14:18:46.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 14:18:02.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 14:18:50.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 14:18:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 14:18:50.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 14:18:47.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4044
~ Mes musiques (My Musics) : 131/1838
~ Mes Videos (My Videos) : 5/148
~ Mes Favoris (My Favorites) : 1/113
~ Mes Documents (My Documents) : 5/296
~ Mon Bureau (My Desktop) : 12/1130
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.64080]
[MD5.ABBB8C380A24BC4E3D9EF916CAC3596D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7547424] [PID.64092]
[MD5.C482C535CBFEFE722EC1EB7F11F680A3] - (.America Online, Inc. - AOL.) -- C:\Program Files\Common Files\aol\1265362316\ee\aolsoftware.exe [50736] [PID.64120]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.113124]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.64140]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.64160]
[MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.64172]
[MD5.4777ED40233E42F69F0DAE68013FE310] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe [274432] [PID.64252]
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896] [PID.64288]
[MD5.7C0704D4523BA671AFE6D028399942D3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3567800] [PID.64308]
[MD5.5B3994A919BDEF4BFE192C05A5B3D2A1] - (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe [3082320] [PID.4348]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.64412]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.6016]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.65184]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.65216]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.65244]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [844752] [PID.10368]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8192512] [PID.8316]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.8700]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1344]
[MD5.4BE7EC02133544CDE7A580875E130208] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1708]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1960]
[MD5.85180CF88C5EBAD73B452A43A004CA51] - (.AOL LLC - AOL Connectivity Service.) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640] [PID.1916]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.776]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.836]
[MD5.4F4F94777D3DE647FD67E2145EAC1260] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632] [PID.2084]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files\Tor\tor.exe [3233806] [PID.2368]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.3684]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bryan\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.64396]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] https://www.searchgol.com =>Hijacker.SearchGol
G0 - GCSP: Preference [User Data\Default] https://www.searchgol.com =>Hijacker.SearchGol
~ Google Browser: 8 Legitimates Filtered in 00mn 13s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AOL Toolbar - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL - Librairie de lien dynamique AOL Toolbar pou.) -- C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: AOL 9.0 VR.lnk . (.AOL - AOL.) -- D:\AOL 9.0 VR\aol.exe
O4 - GS\Desktop [Public]: eMule.lnk . (.https://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Public]: More Great Games.lnk - Clé orpheline
O4 - GS\QuickLaunch [Rébecca]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rébecca]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Rébecca]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rébecca]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rébecca]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [Rébecca]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.facebook.com
O4 - GS\QuickLaunch [Evelyne]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe https://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Evelyne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe https://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\Program [Evelyne]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe https://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\SystemTools [Evelyne]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop [Evelyne]: bs_simple_annee_incomplete_-_a_compter_aout_2012_-_11--1 - Raccourci.lnk . (...) -- C:\Users\Rébecca\Documents\salaire hadrien.xls (.not file.)
O4 - GS\Desktop [Evelyne]: Documents - Raccourci.lnk . (...) -- C:\Users\Rébecca\Documents
O4 - GS\Desktop [Evelyne]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe https://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\QuickLaunch [Chaufour]: AOL 9.0 VR.lnk . (.AOL - AOL.) -- D:\AOL 9.0 VR\aol.exe
O4 - GS\QuickLaunch [Chaufour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Chaufour]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Chaufour]: Titan Poker.lnk . (...) -- C:\Poker\Titan Poker\casino.exe (.not file.) =>Adware.Casino
O4 - GS\Program [Chaufour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Chaufour]: Titan Poker.lnk . (...) -- C:\Poker\Titan Poker\casino.exe (.not file.) =>Adware.Casino
O4 - GS\SystemTools [Chaufour]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Chaufour]: Everest Poker.fr.lnk . (...) -- C:\Program Files\Everest Poker.fr\CStart.exe (.not file.) =>PUP.Casino
O4 - GS\QuickLaunch [Bryan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Bryan]: S4League.lnk . (.(c) Neowiz Games - S4 League Game Launcher.) -- C:\Program Files\alaplaya\S4League\patcher_s4.exe
O4 - GS\Program [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Bryan]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bryan]: Aquarium exotique Screensaver.lnk . (.Axialis Software - Screen Saver.) -- C:\Windows\System32\Aquarium Exotique.scr
O4 - GS\Desktop [Bryan]: Images - Raccourci.lnk . (...) -- C:\Users\Rébecca\Pictures
O4 - GS\Desktop [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 127 Legitimates Filtered in 00mn 02s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Rébecca]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - GS\Startup [Evelyne]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files\Micro Application\LauncherMA.exe
O4 - GS\Startup [Evelyne]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - GS\Startup [Bryan]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [HostManager] . (.America Online, Inc. - AOL.) -- C:\Program Files\Common Files\AOL\1265362316\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (.not file.) =>Adware.IMBooster
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [AOL Fast Start] . (.AOL - AOL.) -- D:\AOL 9.0 VR\AOL.exe
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (.not file.) =>Adware.MegaSearch
O4 - HKUS\S-1-5-21-3385765646-2502414165-3692084876-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} . (.AOL - AOL Toolbar.) -- c:\program files\aol\aol toolbar 4.0\resources\fr-FR\aoltbres.dll
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - https://assets.photobox.com/assets/aurig ... 0728060044
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - https://copainsdavant.linternaute.com/fr ... oader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\bitguard\271769~1.27\{c16c1~1\bitguard.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
~ Services: 8 Legitimates Filtered in 00mn 05s
---\\ Tàches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DMEPeriodicTask.job [304]
[MD5.00000000000000000000000000000000] [APT] [{208A3873-FE23-4176-8E18-4119AA0C2B68}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{71F025F2-2FE1-4D16-ABF5-985ABB27027A}] (...) -- c:\Users\Rébecca\Downloads\photofiltre.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: Culture Gé Avancé mon coach particulier - (...) [HKLM] -- {8569BE3A-9F93-41A0-A59D-F58E9AFA553E}
O42 - Logiciel: Dans les secrets de l'art - (...) [HKLM] -- {4549B8D8-E4FD-418E-B238-D898C06E8DEC}
O42 - Logiciel: Holly 2 - Le pays magique - (...) [HKLM] -- {38374155-1720-4D43-AF0D-E11B0675B8A7}
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {B5A7A63A-EE4A-4735-A8E5-D2E242611E55} =>Adware.IMBooster
O42 - Logiciel: SweetIM for Messenger 3.6 - (.SweetIM Technologies Ltd..) [HKLM] -- {0D5BBB2B-F044-46C3-877B-6A6BE1E08D19} =>PUP.SweetIM
~ Logic: 89 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Pando Networks]
~ Key Software: 145 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/09/2010 - 17:21:07 - [7,174] ----D C:\Program Files\Pando Networks
O43 - CFD: 23/05/2013 - 14:56:23 - [0,043] ----D C:\Program Files\Uninstaller
~ 540 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 720 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.FD93DE34E4636DB9EB702385927E4354] - 04/11/2013 - 19:53:45 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-CHAUFOUR.txt [16387]
O44 - LFC:[MD5.AE74ED07562F3918AA89006D60989E70] - 09/11/2013 - 19:51:05 ----- . (...) -- C:\UsbFix [Clean 3] PC-DE-CHAUFOUR.txt [14890]
O44 - LFC:[MD5.A20DE33FAAB95A88086DBBFCBED39452] - 09/11/2013 - 20:10:17 ----- . (...) -- C:\UsbFix [Clean 4] PC-DE-CHAUFOUR.txt [9683]
O44 - LFC:[MD5.45B102D50E9800A5B28150AF32A1DAC6] - 09/11/2013 - 20:54:21 ---A- . (...) -- C:\UsbFix [Clean 5] PC-DE-CHAUFOUR.txt [11996]
~ Files: 57 Legitimates Filtered in 00mn 23s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.FCA9C4FC1BB131DFC21DCB77C1AC3824] - 10/11/2013 - 08:11:26 ---A- - C:\Windows\Prefetch\HPQPHOTOCRM.EXE-3FC4DE4E.pf
O45 - LFCP:[MD5.9226C89D33DCF75F2EF62739E4D583FC] - 10/11/2013 - 08:18:19 ---A- - C:\Windows\Prefetch\SHELLRESTART.EXE-8234B0D0.pf
O45 - LFCP:[MD5.E3C35134ACD2355ECCC80ADB5B29CD24] - 10/11/2013 - 08:18:20 ---A- - C:\Windows\Prefetch\WAOL.EXE-6897E6A6.pf
O45 - LFCP:[MD5.41FC697C991A4F25E4B11F74AA7AC9EE] - 10/11/2013 - 08:18:22 ---A- - C:\Windows\Prefetch\AOL.EXE-9A2184F3.pf
O45 - LFCP:[MD5.1FB4E186C25D0D1F6235F5E10E36F77D] - 10/11/2013 - 08:18:32 ---A- - C:\Windows\Prefetch\SHELLMON.EXE-FEF06B49.pf
O45 - LFCP:[MD5.8AFA712F95C970544C9D2A73A3DDF9CF] - 10/11/2013 - 08:18:45 ---A- - C:\Windows\Prefetch\AOLTPSD3.EXE-F1BCE065.pf
O45 - LFCP:[MD5.CB4BC40B8927AB36488C945E54CA20A3] - 10/11/2013 - 10:42:08 ---A- - C:\Windows\Prefetch\PATCHER_S4.EXE-0D924D66.pf
O45 - LFCP:[MD5.B988681BD17374F0599772C892E99428] - 10/11/2013 - 10:42:18 ---A- - C:\Windows\Prefetch\HGWC.EXE-04861EA2.pf
O45 - LFCP:[MD5.59E5C3F353D9BD5B3D6CD466B608CA71] - 10/11/2013 - 10:42:31 ---A- - C:\Windows\Prefetch\XTRAP.XT-B4B251B1.pf
O45 - LFCP:[MD5.145057AFE9A9146F1CFA421F0A267943] - 10/11/2013 - 12:09:27 ---A- - C:\Windows\Prefetch\INSTUP.EXE-52AC782A.pf
~ Prefetcher: 94 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 21/10/2013 - 06:31:42 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/11/2013 - 12:31:45 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 09/11/2013 - 12:31:45 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\avgchrome\avgp [99779]
O61 - LFC: 09/11/2013 - 12:32:12 ---A- . (...) -- C:\Users\Rébecca\Documents\liste mangas.odt [18918]
O61 - LFC: 09/11/2013 - 12:33:14 ---A- . (...) -- C:\Users\Rébecca\telechargement\adwcleaner.exe [1073262]
O61 - LFC: 10/11/2013 - 12:31:49 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Local State [45917]
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:31:51 ---A- . (...) -- C:\Users\Rébecca\AppData\Local\PMB Files\pando.save [1125] =>P2P.Pando
O61 - LFC: 10/11/2013 - 12:32:11 ---A- . (...) -- C:\Users\Rébecca\AppData\Roaming\ZHP\Log.txt [20787] =>.Nicolas Coolman
O61 - LFC: 10/11/2013 - 12:32:11 ---A- . (...) -- C:\Users\Rébecca\AppData\Roaming\ZHP\TestsZHPDiag.txt [2900] =>.Nicolas Coolman
~ 3 Fichiers temporaires (Temporary files)
~ Files: 131 Legitimates Filtered in 01mn 32s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - https://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <aol.exe> <>[HKLM\..\Shell\open\Command] (...) -- D:\AOL9~1.0VR\aol.exe https://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1615CDA5-C909-4415-BEFC-970AC3956881} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {4748B98B-7174-434f-9C7D-9EAFF2F37D8B} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {FB56CED7-3ECA-4609-8586-B91EFB70AB07} - (Yahoo) - https://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\Rébecca\AppData\Local\Temp\Quarantine.exe [350259]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D97C371A-699C-49D3-9928-D4479D5D060B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{14A84F40-472E-48DE-A052-5E7FD009794E}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{23EDC2B4-D84A-42A3-AA2C-958AFD0D7762}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{42BBF812-402C-4E7B-B32C-7342C555022E}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{A925AF45-8331-4D95-898E-8E97428B4FFA}" |In - Public - P6 - TRUE | .(...) -- C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 - FAEL: "{4D717F40-99CD-4A61-84AA-91C134C5F2EF}" |In - Public - P17 - TRUE | .(...) -- C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 - FAEL: "{2DE0D176-AF52-4AD3-B1ED-68F143F52C1F}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 219 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "A36A7A5BA4EE53748A5E2D2E2416E155" . (.Iminent.) -- C:\Windows\Installer\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "A6A9B7407E12FC548852A060E1FEB932" . (.SweetIM Toolbar for Internet Explorer 4.3.) -- C:\Windows\Installer\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 - PUC: "BA172DB42E6685D4FA8808EFB370074C" . (.Fissa.) -- C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 100 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.54EB55922213B6DD04896E6F781FDCF1] [WIS][03/06/2011] (.Iminent - Iminent.) -- C:\Windows\Installer\1465d47.msi [993280] =>Adware.IMBooster
[MD5.173D38427980E12E08829C35D8DD679E] [WIS][02/03/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\1fa024c.msi [459264]
[MD5.248B3A1E05B4C347F5372C40DD8B7F73] [WIS][06/02/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.6.) -- C:\Windows\Installer\2a6cd4f.msi [1947136] =>PUP.SweetIM
[MD5.D8B82ABBC1C82768978FBE17F58AFA66] [WIS][06/02/2012] (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\2a6cd55.msi [1838592] =>PUP.SweetIM
[MD5.117E509FE6FF7257E1242EB56D4B7B5B] [WIS][04/11/2013] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\48c68.msi [1708032] =>Hijacker.SmartBar
~ WIS: 102 Legitimates Filtered in 00mn 04s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 23/10/2006 46640 | (AOL ACS) . (.AOL LLC.) - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 21/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/12/2008 69632 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 24/02/2010 3432444 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/09/2013 3233806 | (tor) . (...) - C:\Program Files\Tor\tor.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, https://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Rébecca at 10/11/2013 12:34:19
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 12993 - (09/11/2013)
Clés trouvées (Keys found) : 25
Valeurs trouvées (Values found) : 12
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}] =>PUP.SweetIM^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Features\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Features\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IMBooster =>Adware.IMBooster^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Windows\Installer\1465d47.msi =>Adware.IMBooster^
C:\Windows\Installer\2a6cd4f.msi =>PUP.SweetIM^
C:\Windows\Installer\2a6cd55.msi =>PUP.SweetIM^
C:\Windows\Installer\48c68.msi =>Hijacker.SmartBar^
~ Additionnel Scan: 320790 Items scanned in 00mn 28s
---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blo ... -searchgol =>Hijacker.SearchGol
~ https://nicolascoolman.webs.com/apps/blo ... acker-qvo6 =>Hijacker.Qvo6
~ https://nicolascoolman.webs.com/apps/blo ... r-smartbar =>Hijacker.SmartBar
~ https://nicolascoolman.webs.com/apps/blo ... are-casino =>Adware.Casino
~ https://nicolascoolman.webs.com/apps/blo ... -imbooster =>Adware.IMBooster
~ https://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ https://nicolascoolman.webs.com/apps/blo ... megasearch =>Adware.MegaSearch
~ https://nicolascoolman.webs.com/apps/blo ... p-bitguard =>PUP.BitGuard
~ https://nicolascoolman.webs.com/apps/blo ... up-sweetim =>PUP.SweetIM
~ https://nicolascoolman.webs.com/apps/blo ... fesecurity =>PUP.eSafeSecurity
~ https://nicolascoolman.webs.com/apps/blo ... p-offerbox =>PUP.OfferBox
~ https://nicolascoolman.webs.com/apps/blo ... e-spointer =>Adware.SPointer
~ https://nicolascoolman.webs.com/apps/blo ... eltasearch =>Toolbar.DeltaSearch
~ https://nicolascoolman.webs.com/apps/blo ... p-funmoods =>PUP.Funmoods
~ https://nicolascoolman.webs.com/apps/blo ... lbar-yahoo =>Toolbar.Yahoo
~ https://nicolascoolman.webs.com/apps/blo ... crossrider =>PUP.CrossRider
~ MSI: 16 link(s) detected in 00mn 28s
~ 1869 Legitimates filtered by white list
End of the scan (614 lines in 05mn 04s)(0)